A South East based webcam system provider suffers data breach

NurseryCam, a webcam system that gives parents access to drop in and watch their children while at nursery school has written to families to tell them of a data breach.

The company have said it did not believe the incident had involved any unpermitted access where youngsters or staff would have been watched but has shut down its server as a precautionary measure.

The Guildford-based company is used by about 40 nurseries across the UK.

The company has notified the ICO. Under UK rules, the Information Commissioner's Office must be told of a breach if it has "significant impact" within 24 hours.

NurseryCam said it first became aware of the incident shortly after 17:00GMT on Friday. They added, that a "loophole" in its systems had been used to obtain data from parents' viewing accounts including:

  • usernames

  • passwords

  • names

  • email addresses

In a statement, NurseryCam’s director Dr Melissa Kao said: “The person who identified the loophole has so far acted responsibly.”

Chris White, Head of Cyber and Innovation at The South East Cyber Resilience Centre said: “Data breaches like this can often be prevented or the effects significantly minimised by adopting some of the most simple but effective cyber security measures.

“The South East Cyber Resilience Centre offers a range of services for businesses that can help you identify your digital vulnerabilities and weaknesses or if you are a victim of a data breach, we can run an individual internet investigation that would identify what personal or private information is publicly available online.”

Find out more on our dedicated Student Services page www.secrc.co.uk/services

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.