Betting firms have used information from a U.K. government-run educational database containing the records of 28 million children to bump up the number of youth who gamble online.
The companies gained access to Learning Records Service database – which falls under the umbrellas of the U.K. Department of Education – through GB Group, which had gained access through third-party Trustopia. Training firm Trustopia reportedly had broken its agreement with the U.K. government, according to a report in the Sunday Times.
GB Group’s gambling customers then used access to the database to quickly verify ages and identities. According to a statement by the DfE, “it has immediately stopped” Trustopia’s access to the database and has “ended [its] agreement with them.”
The database houses information – such as names, ages and address – on minors 14 years old and older who attend schools, including colleges, in the U.K.
“This is perhaps the largest government data breach and will have far-reaching consequences for many years to come as betting companies and intermediaries have gained access to schoolchildren’s data which they hope to be able to monetize in order to attract future generations to gambling,” said Javvad Malik, security awareness advocate at KnowBe4.
“This is not just a security breach, but a breach of trust, where there is an expectation of fair, lawful and transparent uses of the data by everyone who has access to it – which in this case has not happened,” said Malik. “In all of this, the responsibility sits squarely with the Department on Education, which has collected vast amounts of children’s data for nearly a decade with apparently little oversight.”