In January 2026, a security breach occurred in the electronic journal system at a school in Otwock, Poland, where unauthorized access led to the erroneous issuance of numerous failing grades to students and the sending of vulgar messages. The incident has sparked a police investigation, highlighting vulnerabilities within school data management systems. According to Agata Sitarska of Librus, the attack did not breach the technical safeguards of the system but involved the unauthorized takeover of a teacher's account through compromised login credentials.

Barbara Nowacka addressed the incident, emphasizing that existing regulations already clearly define the responsibilities of educational institutions regarding data security. She noted that the laws impose obligations on entities that supply these electronic journal systems to protect the data from unauthorized access. In light of the breach, discussions are underway to consider adjustments in legislative measures to enhance the security provisions and ensure better protection of sensitive information within school systems.

The ramifications of this incident are significant, as they not only raise questions about the immediate security of electronic school records but also broader implications for how schools across Poland manage and protect student data. The need for stronger regulatory frameworks to safeguard educational data against unauthorized access is becoming increasingly urgent, calling for a potential reevaluation of current laws to better address evolving cyber threats in educational environments.