The information watchdog is investigating reports of a data breach on the Class Charts behaviour management platform, which is used by tens of thousands of teachers.
Some parents logging on to Class Charts last week were reportedly shown data relating to other children.
The Information Commissioner’s Office told Schools Week it had “received a data breach report in relation to Class Charts and are assessing the information provided.
“Anyone who is concerned about how their data has been handled can get in touch with the ICO or check our website for advice and support,” said an ICO spokesperson.
Class Charts is used by more than 180,000 teachers, its website states. The company says it can “save teachers time and reduce workload with our data rich seating plans” and “improve pupil behaviour with our fast and effective behaviour management”.
Class Charts, owned by Tes Global Limited, did not respond to requests for comment.
Posts on school IT professionals forum Edugeek claimed some parents logging on to the system were shown information relating to other people’s children. A thread on the issue has more than 100 posts.
One post stated that “we had a parent report seeing totally different pupils from totally different schools”.
Another said they had “two other schools ring us to say their parents had seen data of our students/pupils as they recognised the school logo and contacted us to make us aware”.
A banner on the Class Charts platform, shared on Edugeek, initially stated that “we regret to inform you that a data breach has occurred on Class Charts”.
Firm launches probe following ‘data breach’
“Rest assured, we are actively addressing the issue, you do not need to take any actions but we will be in contact with affected users to ensure their data security.”
However, forum users reported the banner was subsequently taken down. And in a reply to one school shared on Edugeek, the company reportedly tried to play down reports of a data breach.
“We took immediate action to resolve the issue, but there was a very short period yesterday morning when a small number of parent or teacher users could be served up with the incorrect information.
“Once resolved, we started investigations to understand how this could happen, who had been affected, and safeguard against anything similar in the future. There is no evidence of a malicious attack or data breach.”
According to ICO guidance, personal data breaches can include “sending personal data to an incorrect recipient”.
One forum user said they “asked for explicit confirmation that they were not treating the issue as a data breach”.
They said Class Charts told them that “despite very early actions to notify all our customers through in-product messaging, we removed that message as our investigations revealed it was inaccurate”.
“The issue was caused by a product update, which was then swiftly removed.”