Scotland’s national exams body is investigating a data breach at an Ayrshire school after a large cache of documents were leaked on the web.
The Scottish Qualifications Authority (SQA) is looking into a suspected unauthorised network login from credentials belonging to a member of staff at the unnamed school – which has led to more 17,000 documents being spilled online.
It is not yet clear whether the files – containing guidance for teachers on exam marking and course work – were downloaded as the result of an insider threat, or if an SQA-authorised employee was the target of hackers.
It is believed that the data is not considered to be sensitive or personally identifies students or staff, and is mostly ‘historic’ information unlikely to cause alarm or distress to parents or learners.
The network intrusion began late Friday and lasted into Saturday, with claims then appearing on social networks linking to a well-known dark web data breach site.
An X user going by the name @petikvx posted details of the breach, with links to Dark Web Informer, where it was claimed: “A cybercriminal known as pine has claimed responsibility for leaking educational documents and assignments from the Scottish Qualifications Authority (SQA). The compromised dataset reportedly contains 17,460 files, including coursework, assessments, and support materials for teachers and examiners.
“The leak consists of PDF and DOCX files, totaling 12GB compressed and 18GB uncompressed, allegedly taken from secure.sqa.org.uk. The exposed materials include past and present assessment resources covering a period from 2004 to 2025.”
An SQA spokesperson said: “SQA can confirm that the issue relates to the unauthorised use of website-access credentials at a single SQA centre and is not the result of a cyber-attack. The centre’s access to SQA Secure has been suspended. Other SQA centres can continue to safely access SQA Secure while our investigations continue.”
