PLT Masthead 430

Masthead Education - Higher Education

University hit with £120k monetary penalty for "serious" security breach

The University of Greenwich has become the first university to be fined by the Information Commissioner’s Office (ICO), after a “serious” security breach involving the personal data of nearly 20,000 people including students and staff.

The ICO’s investigation centred on a microsite developed by an academic and a student in the then devolved University’s Computing and Mathematics School, to facilitate a training conference in 2004.

After the event, the site was not subsequently closed down or secured and was compromised in 2013. In 2016 multiple attackers exploited the vulnerability of the site allowing them to access other areas of the web server.

The ICO said the personal data included contact details of 19,500 people including students, staff and alumni such as names, addresses and telephone numbers. “However, around 3,500 of these included sensitive data such as information on extenuating circumstances, details of learning difficulties and staff sickness records and was subsequently posted online.”

The Commissioner found that the university did not have in place appropriate technical and organisational measures for ensuring, so far as possible, that such a security breach would not occur, ie for ensuring that its systems could not be accessed by attackers.

The ICO issued the university with a £120,000 monetary penalty.

Steve Eckersley, Head of Enforcement at the ICO, said: “Whilst the microsite was developed in one of the University’s departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution.

“Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.”

Archive

Search more than 10,000 articles

Featured Jobs

Newsletter Subscription

* indicates required
Choose Newsletter(s) (tick all that apply)
 

Featured Events

Fixed term tenancies - Cornerstone Barristers

London

CPD Hours3 FeeEarly Bird offer £30+VAT (Until 1st October) / Standard Ticket £40 +VAT VenueCornerstone Barristers, 2-3 Gray's Inn Square, London, WC1R 5JH More details to follow...
→ View listing
Succession & assignment of tenancies - Cornerstone Barristers

London

CPD Hours3 FeeEarly Bird offer £30+VAT (Until 1st August) / Standard Ticket £40 +VAT VenueCornerstone Barristers, 2-3 Gray's Inn Square, London, WC1R 5JH More details to follow...
→ View listing
Local Authorities – Planning Seminar Series 2018: Leeds - No5 Chambers

Yorkshire

No5 Barristers' Chambers Planning Group invites you to join them at their Local Authorities Seminar Series which is taking place in London, Bristol, Leicester and Leeds. The Seminars consist of a morning session dedicated to Planning and Development Update...
→ View listing
Local Authorities – Planning Seminar Series 2018: Leicester - No5 Chambers

East Midlands

No5 Barristers' Chambers Planning Group invites you to join them at their Local Authorities Seminar Series which is taking place in London, Bristol, Leicester and Leeds. The Seminars consist of a morning session dedicated to Planning and Development Update...
→ View listing
Commercial property: CRAR and forfeiture of lease - High Court Enforcement

Distance Learning

Cost: Free-of-charge This webinar will cover commercial property and forfeiture of lease and is intended for those in the commercial property sector and property solicitors.  
→ View listing
HB Editorial Services Ltd 2016.