The Information Commissioner's Office (ICO) will be making enquiries into a data breach at the University of York, it was revealed today.
Over 17,000 students had their personal data leaked on a section of the university's website, a number of reports indicated, but a statement from the institution indicated just 148 individual records had been accessed.
IT PRO asked the university why there was such a significant discrepancy between the two figures, but it declined to comment.
Information published included student addresses, phone numbers, dates of birth and A-level results.
The university could face punishment from the ICO, which confirmed to IT PRO it is looking into the situation.
"We will be making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken," an ICO spokesperson said.
The ICO has the power to fine any organisation up to 500,000 if they are found to have breached the act.
The university said it took immediate action to rectify the problem and said it will contact the relevant people involved.
"We will contact these individuals over the next 24 hours to inform them and to discuss this matter," said Dr David Duncan, registrar at the University of York.
"We are also investigating all procedures and management systems and will undertake a thorough review of our data security arrangements."
Aziz Maakaroun, business development director at vulnerability management specialist Outpost24, said the breach was embarrassing for the university.
"By reporting this breach to the Information Commissioner's Office, and by launching a full and immediate investigation into how it occurred in the first place, the university is clearly taking the right steps to remedy the situation," Maakaroun said.
"However, you can't help but think that this is like locking the stable door after the horse has bolted."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
TikTok to open first European data centre in IrelandNews The move could signify a desire to shift its operations away from the US as well as secure its position in the European market
-
MPs in a muddle over GDPR and storing voters' personal dataNews Labour MP Chris Bryant says his staff were told to delete constituents' data
-
Trump resort will not be charged for breaching data lawsNews Presidential hopeful's Scottish golf course failed to register under the Data Protection Act for four years
-
Banks urged to share data but warned over securityNews Experts voice concern over security of open API recommendations
-
EU centralises European open data through one portalNews Open Data Portal will enable public sector bodies to share information
-
Experts question sheer scale of data storage required by Snooper's CharterNews Who will foot bill for physical infrastructure to house UK's browsing histories?
-
Snapchat's T&Cs update could put user data at riskNews Kaspersky said giving the service permission to share pictures with third parties could lead to a serious breach of privacy
-
Transport Systems Catapult launches data sources catalogueNews Intelligent Mobility Data Index could push forward smart transport innovation in the UK
