PARENTS in York have been warned that their bank card details may have been compromised after a payment platform used by schools suffered a “data security incident”.

A letter from Archbishop Holgate’s School and the payment platform WisePay to parents says that a cyberattack happened on October 2. 

WisePay is used by parents to help pay for pupils’ food and schools trips and events. 

The letter recommended parents to “take prompt steps to pause or cancel the payment card you have used on our site”. 

It said: “We value the privacy of your information, which is why we are writing promptly to let you know about a data security incident that affected our payment platform provider, WisePay.

“At some point around October 2, we understand that a cyberattack occurred in the form of a URL manipulation, meaning that the payment gateway page was redirected or controlled by a bad actor.

“WisePay has engaged a computer forensics expert, and the forensic investigation is ongoing. 

“Even though you did not attempt to make any transactions during the period in question, as best practice, we would still recommend that you are especially cautious regarding your personal financial arrangements and take prompt steps to pause or cancel the payment card you have used on our site. 

“We also recommend you take additional precautionary steps to change passwords or login details for your bank accounts and credit cards.

“WisePay has taken its website offline until the incident is remediated.
“It is also taking steps to implement additional security measures designed to prevent a recurrence of such an event. 

“WisePay also has notified the UK’s Information Commissioner and law enforcement to ensure the incident is properly addressed.”

The Press approached both Archbishop Holgate’s School and WisePay but no comment was available.

Meanwhile, the BBC reported that the hack has affected around 300 schools across the UK. However, the firm is reported to have said only a small number of pupils’ parents used the system before it was taken offline. 

The company’s managing director, Richard Grazier, told the BBC this was because the type of cashless payments made - things like school meals - would not be done on a daily basis, adding.

He added that the hacker had managed to find a “backdoor” into the system’s database and had modified one page, causing users to be redirected to an external page controlled by the attacker.