School CCTV Streams End Up on US Website

The ICO has launched an investigation after it emerged that CCTV camera feeds from several Blackpool schools ended up on a US website.

The live streams from Highfield Leadership Academy, St Mary’s Catholic Academy and Christ the King Catholic Academy were broadcast publicly after an apparent security blunder by Eric Wright Facilities Management, which serves all three schools.

They were reportedly taken offline within an hour, but question marks remain as to how the video images ended up being broadcast in the first place.

“As soon as our systems were alerted, the camera feed was immediately taken offline and our technology experts were on site to investigate the breach and to determine the cause,” the firm’s spokesperson told the Blackpool Gazette.

Parents were alarmed at the revelation, with further panic ensuing after pictures appeared in national media of cameras inside school toilets. It’s understood, however, that the CCTV streams hacked in Blackpool were mainly of the outside of the schools in question, and one inner stairwell.

The ICO said it was investigating reports of a website streaming footage from internet-connected security cameras from around the world.

"This may include contacting suppliers, manufacturers and users where they can be identified. We will also be liaising with our colleagues in other countries to consider what steps can be taken on an international level,” it added.

“The ICO advises anybody who purchases an internet-connected device which has the capability to stream live video to immediately change passwords and usernames from default settings and to set a strong password — one that should not be known by anyone else or be easy to guess.”

Chief scientist and fellow at McAfee, Raj Samani, argued that security must be built-in to connected devices from the ground-up.

“We can educate children about how to protect themselves online and when using their devices, but businesses manufacturing devices must do their bit too and that is ensuring security is built-in from the get-go. There really are no excuses anymore,” he added.

What’s Hot on Infosecurity Magazine?