Data breach at University of East Anglia reveals students’ personal details

Data breach at University of East Anglia reveals students’ personal details

Personal data of 90,000 Univ of Surrey staff & students leaked by erring employee

The University of East Anglia mistakenly shared personal and sensitive details about certain students with hundreds of others via an e-mail.

The University later asked all recipients to delete the e-mail without opening or reading it and has launched an enquiry into the data breach.

"An email was mistakenly sent to 298 American Studies undergraduates this morning containing details of 42 students with extenuating circumstances. This clearly should not have happened and the university apologises unreservedly. The university has launched an urgent enquiry and is contacting all affected students to offer support," said a University of East Anglia spokeswoman.

2 out of 3 UK enterprises suffered data breach last year

The spreadsheet shared by the university with 298 students included details of health problems, personal issues and family bereavements of as many as 42 students. These students had sought extensions and other academic concessions based on these circumstances.

The revelation has resulted in shock and disbelief among affected students whose personal details are now available for all to see. "I felt sick at seeing my personal situation written in a spreadsheet, and then seemingly sent to everyone on my course," said Megan Baynes, a 23-year old student to BBC.

EXCLUSIVE: Top US university comes under severe phishing attack

The UEA Students' Union has termed the incident 'a shocking and utterly unacceptable data breach that should never have happened.'

"A simple mistake like this can have distressing effects for those caught in the middle. That distress is likely to turn to anger and the University could face serious legal repercussions for its mistake," said Thomas Fischer, Global Security Advocate at Digital Guardian.

11 ways of keeping cyber safe outside the office

"This incident reinforces the need for “data aware” security technologies in the education sector. This helps protect data at source, removing the risk factor associated with human error and insider threats. Had the University of East Anglia had such technologies in place, it could have prevented this highly sensitive student information from being sent without prior approval and prevented it from being opened by the recipients.

"Universities have a duty of care to their students and must better prioritise data protection so that mistakes like this don’t happen again," he added.

Copyright Lyonsdown Limited 2021

Top Articles

It’s time to upgrade the supply chain attack rule book

How can infosec professionals critically reassess how they detect and quickly prevent inevitable supply chain attacks?

Driving eCommerce growth across Africa

Fraud prevention company Forter has partnered with payments technology provider Flutterwave to drive eCommerce growth across Africa and beyond.

Over 500,000 Huawei phones found infected with Joker malware

The Joker malware infiltrated over 500,000 Huawei phones via ten apps using which the malware communicates with a command and control server.

Related Articles