A magisterial inquiry and a police investigation are under way after the SchoolHandle online school management system used by private and Church schools suffered a cyberattack.

A spokesperson for the police said its Cyber Crime Unit was alerted about the cyberattack and immediately started an investigation. It also informed the duty magistrate who ordered an inquiry.

The school management system, used by the school administration, parents, teachers and schoolchildren, is managed by Klikkcode Limited.

Executive director Gordon Zammit told Times of Malta when contacted that the company filed a police report after falling victim of a cyberattack to its system.

The attack took place on May 31 and was reported immediately. Details of what actually happened are sketchy and Zammit was unwilling to provide any due to the risk of jeopardising the investigation.

“A magisterial inquiry is under way, and we are acting under the strict instructions of the Cyber Crime Unit. It remains to be seen to what extent – if at all – data we process, as data processors on behalf of our clients (the data controllers) have been affected,” he said.

Zammit emphasised, however, that all clients who were potentially affected by the attack were immediately notified as the company was required to do by law.

“From an operational perspective, our clients have not been impacted and all our clients including SchoolHandle (not Klikks) are fully operational and doing their normal activities,” he added.

SchoolHandle is a cloud-based online school management system used by private and Church schools providing user-friendly dashboards to facilitate the provision of information, from admission of new students to generating transfer certificates when students complete their studies.

Teachers can upload notes or assignments that students can then download and submit on the same system, which teachers can download and give back relative feedback through the system.

Government schools use a different service provider.

Various schools wrote to parents and teachers to inform them of the cyberattack last week, asking them to change their password immediately.

A Church school told parents and teachers that “although it does not seem that our school has been affected by this attack, as a precautionary measure users are advised to change their login password”.

Since the cyberattack may amount to a data breach, individual schools and the Church’s Secretariat for Catholic Education reported the matter to the Information and Data Protection Commissioner.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.