Scottish Qualifications Authority investigating data breach involving 17,000 documents

The Scottish Qualifications Authority (SQA) has confirmed it is investigating a security incident after approximately 17,000 documents were allegedly leaked and made available on a dark web forum on March 8, 2025.  The SQA is Scotland's national accreditation and awarding body responsible for national qualifications.

SQA defines the incident as "the unauthorized use of website-access credentials". The security breach was first discovered when a dark web forum post titled "Scottish Qualifications Authority – 2004-2025 Assignment QPs & Resources" appeared from a user called "pine." The post claimed that the dataset contains 17,460 files, including current 2025 coursework and assignments, as well as historical materials dating back to 2004.

The SQA has stated that the unauthorized access was limited to "a single SQA centre" whose access to the SQA Secure platform has now been suspended.

According to sources familiar with the matter, the leaked files primarily contain:

• Guidance for teachers on exam marking and coursework
• Historical educational materials dating back to 2004
• Some current 2025 coursework and assignment materials

The SQA claims that the compromised data is not considered sensitive and does not contain personal details of students or staff. The majority of the files are described as "historical material" that would be unlikely to cause alarm or distress to parents or students.

The SQA has launched an investigation to determine potential impact and assures other SQA centres that they can continue to safely access SQA Secure