A gaming company illegally obtained access to information obtained from a government database that contains records of 28 million children. Information including student names, ages and detailed addresses is one of the largest data breaches in the UK government.
It is reported that the database is mainly responsible by the UK Department for Education (DFE), which contains detailed information on public and private schools and minors aged 14 and over in universities across the UK.
According to the Times, the leaked data was provided by a third-party training provider Trustopia to the data intelligence company GB Group, and GB Group ’s work includes signing agreements with third-party companies to access the data. Its customers include Gambling companies like Betfair and 32Red, which apparently use this data for age and ID verification on their websites. After the incident, Trustopia refused to acknowledge the incident.
Currently, the Ministry for Education has disabled access to the database and reported the incident to the ICO privacy protection agency. British Children’s Commissioner Anne Longfield told The Times she was shocked by the matter. Although the information used by bookmakers seems limited, the incident is likely to lead to a major investigation by the ICO.