The case was revealed in the Data Protection Commissioner's annual report
The Data Protection Commissioner (DPC) has seen a fall in the number of data breaches reported.
During 2016, a total of 2,301 notifications were received, of which 77 cases were classified as non-breaches.
A total of 2,224 valid breaches were recorded, which is a decrease from the 2,317 reported in 2015.
However, one such case of a breach came in October last year, in what was described as a 'crypto-ransomware attack' on a primary school.
The DPC says parts of the school's information systems were encrypted by a third party, and a ransom was demanded to release the encrypted files.
These files contained personal information - including names, dates of birth and Personal Public Service Numbers (PPSNs).
An assessment found that the school had deficiencies in measures to secure pupils' personal data, including:
The report says the school was issued with recommendations to reduce its risk, and that several steps were taken to do so.
The Commissioner concluded: "This case demonstrates that schools, like any other organisation - commercial, public sector or private - operating electronic data-storage systems and interacting online must ensure that they have appropriate technical security and organisational measures in place to prevent loss of personal data, and to ensure that they can restore data in the event of crypto-ransomware attacks."
Meanwhile, 142 of the valid breaches last year were from the telecommunications sector, accounting for just over 6.3% of total cases reported.
The Commissioner says the highest category of data breaches reported involved unauthorised disclosures, such as postal and electronic disclosures, the majority of which were in the financial sector.
The report also notes that in 2016, the DPC finally launched its own Twitter account and that the office now has almost 100 staff, up from just 30 in 2013.