York uni rapped for data breach
The university didn't notice it was leaking student information for over a year.


The University of York breached the Data Protection Act by making student information which should have been restricted available online, the Information Commissioner's Office (ICO) said today.
In March, reports indicated 148 individual student records were mistakenly leaked online by the university.
The actual data breach occurred in September 2009, however, when a member of staff failed to realise they made an error while working on the university's IT system.
For over a year, students could get hold of information about classmates when they should have been prohibited from doing so.
Information published included student addresses, phone numbers, dates of birth and A-level results.
"This breach could have been avoided if the University had properly assessed the risks that this work posed to the security of their students' details," said Simon Entwisle, director of operations at the ICO.
"They also failed to test the security of their IT system once the work was complete, leading to an unnecessary delay in the error being corrected." Entwisle said the university was lucky the information made available "wasn't likely to cause the students substantial damage or distress," so a fine was "not appropriate."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The university has taken action to improve security, with regular testing, the ICO said.
The ICO is planning to raise awareness of information rights issues amongst students.
It will be launching the 2011 Student Brand Ambassador campaign in the coming weeks, offering tips on how to keep personal data safe.
A total of 15 students will be selected as champions for the project.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Bigger salaries, more burnout: Is the CISO role in crisis?
In-depth CISOs are more stressed than ever before – but why is this and what can be done?
By Kate O'Flaherty Published
-
Cheap cyber crime kits can be bought on the dark web for less than $25
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
By Emma Woollacott Published
-
Elizabeth Denham appointed ICO boss
News Denham will be tasked with helping the UK leave the EU without any knock-on effects on privacy
By Clare Hopping Published
-
Information Commissioner signs off with overview of year
News Christopher Graham has issued a report outlining past achievements and recommendations for the future
By Clare Hopping Published
-
ICO blasts sluggish speed of EU data law reforms
News Information Commissioner calls for sensible laws when it comes to personal data
By Joe Curtis Published
-
Digital marketing firm hit with £50k nuisance calls fine from ICO
News Reactiv Media apologises for making marketing calls to TPS members, and claims they were made in error
By Caroline Donnelly Published
-
UK TPS users still receive nuisance calls, research shows
News Ofcom nuisance calls research shows TPS sign-ups leads to users receiving a third fewer calls
By Caroline Donnelly Published
-
Cabinet Office rapped for slow FOI request response times
News Government department blames uptick in requests caused by Jimmy Saville and Margaret Thatcher for delays
By Caroline Donnelly Published
-
Home Office under scrutiny over FOI response times
News Sussex Police and Tyneside Council also subject to monitoring by ICO
By Jane McCallion Published
-
UPDATED: Government departments rapped for slow response to FOI requests
News The Information Commissioner's Office places four public authorities under surveillance for three months next year.
By Caroline Donnelly Published