View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 17, 2016updated 04 Sep 2016 10:10pm

University of Greenwich data breach exposes student data online

News: The Information Commissioner's Office has started an investigation into the matter.

By CBR Staff Writer

A data breach at the University of Greenwich has affected several London-based research students, whose personal details were exposed online.

The University has apologised and has said that it is contacting those affected.

One of the students brought the matter tothe BBC’s notice after discovering the data through a Google search.

The names, dates of birth, mobile phone numbers, signatures, and addresses of students were uploaded to the university’s website.

The news agency said the details were uploaded alongside minutes from the university’s faculty research degrees committee, which handles the registrations and progress of its research students.

In several cases, mental health and other medical conditions of students were included in the published documents.

The comments of supervisors on students’ progress were also disclosed. Copies of emails between university staff and individual students were also published in several cases.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

The University has contacted Google to make sure that cached copies of the documents cannot be recovered from its search engine.

The University’s secretary Louise Nadal was quoted by the BBC as saying, "I am very sorry that personal information about a number of postgraduate research students has been accessible on the university website.

"This was a serious error, in breach of our own policies and procedures. The material has now been removed. This was an unprecedented data breach for the university and we took action as quickly as possible, once the issue came to light.

"We are now acting urgently to identify those affected. I will be contacting each person individually to apologise and to offer the support of the university."

Britain’s data regulator, the Information Commissioner’s Office (ICO) has started an investigation into the matter.

The watchdog said: "We are aware of an incident at Greenwich University and are making enquiries."

Kevin Cunningham, president and founder of SailPoint said: "Being exposed as unprepared and ill-equipped to minimise the damage associated with a breach is a fear of any organisation.

"Universities today house vastly more sensitive data, and so everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect that sensitive information and ultimately, the health and longevity of the organisation."

A recent survey by NTT Com Security highlighted the significance for businesses to secure and protect against data breaches.

According to NTT Com Security’s Risk:Value report, business decision makers expect a data breach to cost upwards of £1.2m in recovery costs.

Earlier this month, another survey revealed that more than half of data breaches in the UK public sector originate from someone who has access to the systems, with loss in many cases being accidental or due to human error.

GovNewsDirect conducted the survey, under which over 80% of respondents claimed to be ‘data owners’, who can authorise or deny access to certain data.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.