A south coast college has reported a cyber incident after data was breached last Friday.

According to media reports, Weymouth and Kingston Maurward College said it had an email breach from “an unidentified source” which led to data being accessed which “may have included personal data such as contact information from anyone who has had previous communication from the college.”

It is unknown how much information has been breached, and who has been affected by this, but a spokesperson for the college, in an email to those affected, said: “WKMC takes all appropriate organisational and technical measures to keep your personal information safe and secure.

“We respect the privacy of your information and of your information, which is why, as a precautionary measure, we are writing to inform you of a data security incident that may involve your personal information.

“The data accessed may have included personal data such as contact information from anyone who has had previous communication from the college. We have isolated the unidentified breach and to our knowledge, we are satisfied with the actions in place to alleviate the spread.

“WKMC values your privacy and deeply regrets the occurrence of this incident. We are conducting a thorough review of potentially affected mailboxes.”

“We have implemented additional security measures designed to prevent a recurrence of such an incident and to protect the privacy and security of WKMC information and systems.”

Phishing Attack

In a statement published by the Dorset Echo, the college confirmed it was subject to a phishing attack, with a "very small" number of email accounts compromised as a result.

The college says that a full investigation is under way, which has so far found some spam emails sent from compromised accounts.

A spokesperson said: “A very small number of email accounts were compromised for a minimal amount of time before the attack was identified and remedial action taken. Whilst a full investigation is in progress at this time it appears that the attack only resulted in some spam emails being sent from these compromised accounts. 

"The College would like to reassure students, staff and those who work with the College that it has robust systems and procedures in place that resulted in this attack being identified early and an immediate locking down of those accounts affected. The matter has been reported to the Information Commissioner’s Office (ICO)."

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.