A Hampshire school has been criticised for losing nearly 20,000 people's personal details.

Back in March, Bay House School lost personal details, names, addresses, photographs and some medical information on 7,600 pupils along with details of teachers and parents. In total just under 20,000 people were hit.

An administrator used the same password for the school's website and data management system.

A pupil found out the password while hacking the school website, and then used the same password to get into other databases.

The Information Commissioner's Office said it was important to use different passwords.

The ICO said it was pleased the school had agreed to improve procedures including encrypting information and separating systems. ®

Related stories

• Report: Involve IT experts in releasing gov datasets (14 September 2011)
• DOH! Housing contractor loses unencrypted stick down the pub (5 August 2011)
• Travelodge blames 'vindictive individual' for email database breach (5 August 2011)
• ICO tells public sector to respond to Twitter (4 August 2011)
• ICO won't investigate Tory minister (28 July 2011)
• ICO probes Tory minister PI blagging allegations (28 July 2011)
• ICO: Volunteer to be audited by us, we might not bust you (7 July 2011)