One Source May 21 Composite banner 600 edit

Slide background
Slide background
Slide background
Slide background
Slide background
Slide background
Slide background
Slide background
Slide background

University pays out more than £142,000 to affected students after data breach

The University of East Anglia has paid out £142,512 to students after their personal details were mistakenly sent to hundreds by email.

The amount paid by insurers on the university’s behalf was revealed following a freedom of information request by the university’s student newspaper, Concrete.

According to the university, the breach occurred in 2017 after an email autofill function suggested a group email address which a UEA staff member incorrectly selected when attempting to send the file to a colleague.

The file, a spreadsheet which was not password protected, was sent to 298 people. It listed students' extenuating circumstances (personal circumstances which might affect a student’s performance in assessment or examinations).

An independent internal auditor’s report found that: “[Instead of using email,] the shared drive should have been used for sharing the information, the attachment should have been password protected and the University’s email infrastructure could have been configured in a way which, while less convenient, would have reduced the prospect of an incorrect address being selected and, in particular, an address which was a group email.”

The report added: “All of these issues are being addressed by the University.”