More on KentOnline
Parents at a fee-paying private school were tricked into handing over cash after hackers sent out bogus emails over the Christmas holidays.
St Lawrence College in Ramsgate has confirmed the data breach of its computer systems and that two parents of students from abroad handed over cash to the scammers.
The school said fake emails informed parents they could get a discount on the fees for the last two terms of the year if they paid up in advance.
Principal Antony Spencer described the breach as a 'sophisticated hack' but reassured parents additional cyber security measures are being installed following the breach.
The exact amount parents paid in the scam has not been disclosed but a spokesman for the College Road school said the "total loss has been minimal" after the school stepped in despite officially being closed for the holidays.
Police and fraud investigators were notified on December 28 after the hack the previous day when two emails were sent out alleging to be from the school's bursar.
It offered parents the chance to get a discount on fees for the spring and summer terms and instructed them to pay the funds into non-school accounts or by using crypto currency.
The two families have been trying to recover the money from their banks, a statement from the school said.
Boarding students pay between £8,895 and £11,945 per term depending on their age, while day students pay between £2,565 and £5,333 each term.
The Information Commissioner's Office (ICO) has been told and is also investigating along with police and bank fraud teams.
Mr Spencer said: "On 28th December we became aware of a potential fraud whereby a fake email account was being used to contact parents offering an early pay discount, with the funds to be placed into non-school accounts or crypto currency.
"Despite the fact that the fraudsters had deliberately targeted the school at a time it was officially closed for Christmas, prompt action was taken and all parents were alerted to the risk, and the Police, Action Fraud and the banks’ fraud teams were notified.
"The ICO has also been notified regarding the data breach.
"We are currently aware of just two payments that were made by overseas parents to the fraudsters, and both families are seeking redress from their banks.
"The fake emails were the result of a quite sophisticated hack, which gave the hackers access to some personal data, primarily email addresses. Parents have been assured that additional cyber security measures have since been implemented to further improve the defences against such threats.”