|
|
Brian Sims
Editor |
| Home> | Security | >IT Security | >Huge fine for University following data breach |
Huge fine for University following data breach
22 May 2018
THE UNIVERSITY of Greenwich has been fined £120,000 by the Information Commissioner following a serious security breach involving the personal data of nearly 20,000 people.
It is the first university to have been fined by the Commissioner under the existing data protection legislation (Data Protection Act 1998). The investigation centred on a microsite developed by an academic and a student in the then devolved University’s Computing and Mathematics School, to facilitate a training conference in 2004.
After the event, the site was not subsequently closed down or secured and was compromised in 2013. In 2016, multiple attackers exploited the vulnerability of the site allowing them to access other areas of the web server.
The personal data included contact details of 19,500 people including students, staff and alumni such as names, addresses and telephone numbers. However, around 3,500 of these included sensitive data such as information on extenuating circumstances, details of learning difficulties and staff sickness records and was subsequently posted online.
ICO H=head of enforcement Steve Eckersley, said: ”While the microsite was developed in one of the University’s departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution.
“Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.”
The Commissioner found that the University did not have in place appropriate technical and organisational measures for ensuring, so far as possible, that such a security breach would not occur and that suitable steps were not in place to prevent its systems from being accessed by attackers.
- Insurer Aviva issues warning over rising claims related to lithium-ion battery fires
- G4S plc provides trading update for 2020 on day of Annual General Meeting
- Third prosecution for landlord over bedsit
- NSI invites expressions of interest from fire safety providers for BAFE’s new SP207 Scheme
- BSI warns business community of increase in COVID-19 phishing campaigns
- Fire chiefs launch new evacuation guidance
- Detailed research supports calls for mandatory sprinkler systems in schools
- Charity launches social media platform for Fire and Rescue Services community
- Pub landlord guilty of fire safety breaches
- New joint publication for fire safety
- From the editor
- Blog for FSM website
- Information Commissioner makes key appointments
- BSIA forges closer American links ahead of Brexit
- Fire and Security Association names new chair
- Government wants mergers regime update to protect national security
- Chain wrestling
- Intersec 2018 preview
- Leading brands supporting new Security Event at NEC
- Leading security companies support launch of new security event at the NEC









