Finham Park Multi Academy Trust have been issued a Reprimand in respect of Articles 5 (1) (f) and 32 (1) (b). An unauthorised third party utilised compromised credentials to access and encrypt Finham Park’s systems. 1843 UK Data Subjects were affected by the incident, and the ICO’s investigation found Finham Park did not have adequate account lockout or password policies in place.