Betting Companies Granted Access to Data on 28m Children

  • Could be one of the biggest breaches of government data in history
  • An education and training provider was allowed to use the database
  • Department for Education (DfE) has launched an investigation
  • Betting companies allegedly accessed the data through a third-party organization
data message warning on laptop screen
An investigation is underway after betting companies gained access to a database containing the details of 28 million children in the UK. [Image: Shutterstock.com]

Massive data breach

Betting companies in the United Kingdom are believed to have gained access to the personal details of 28 million children in what could turn out to be one of the biggest breaches of government data in history.

The data that was allegedly accessed include the ages, addresses, and names of children who were at least 14 years old and living in England, Northern Ireland, and Wales.

could turn out to be one of the biggest breaches of government data in history

Details of this massive data breach were brought to light by an investigation conducted by The Sunday Times. The database in question is called the Learner Record Service.

The purpose of this database is to aid education providers when it comes to verifying the academic records of students. It also judges their eligibility to receive extra funding. Stored under strict privacy rules, the data is only allowed to be used for educational reasons.

Department for Education responds

According to the Department for Education (DfE), the database has now been disabled. The department has now referred this breach to the Information Commissioner’s Office. It has the power to levy fines of up to £17m ($22m). 

Education secretary Gavin Williamson informed his department to “leave no stone unturned” in investigating this matter. The DfE denies ever approving this data being shared with betting companies. It says that a third-party group had given the firms access to this database.

Gavin Williamson informed his department to “leave no stone unturned” in investigating this matter

A DfE spokesperson said “This was completely unacceptable and we have immediately stopped the firm’s access and ended our agreement with them. We will be taking the strongest possible action.”

Third-party organization

As reported by The Sunday Times, GB Group is an English data intelligence company based in Chester. It had a contract in place with a different firm to gain access to this data.

GB Group provides identity and age verification services for leading betting companies like Betfair and 32Red. Verification is a vital part of compliance for these companies as it helps stop underage people from gambling online.

According to the DfE, Learner Record Service access was given by the government to a screening firm for new employees. This firm is called Trust Systems Software, but it’s trading name is Trustopia. The DfE is investigating whether it was Trustopia that granted access to this database to the GB Group. 

Trustopia has denied doing so. Speaking to The Sunday Times, it emphasized that it places the utmost emphasis on using data lawfully. 

GB Group did confirm that it was using this Learning Record Service database as provided by a third-party organization. A spokesperson said: “We take claims of this nature very seriously and, depending on the results of our review, we will take appropriate action.”