ICO Fined Greenwich University For A Serious Data BreachJuly 3, 2019Data Privacy
In recent times another data breach story has come to light. The UK Information Commissioner Office fined £120,000 to the University of Greenwich. The reason behind was a serious data breach which disclosed the data of 19,500 students. This occurrence was related to a microsite developed by an academic and a student in the then-devolved University’s Computing and Mathematics School. It was to facilitate a training conference in 2004.
Inattention leads to major losses
The microsite was first compromised in 2013 for not being appropriately handled and being unsecured. Later in 2016, an intrusion took place by multiple hackers. Those hackers gained access over the web server by exploiting the site. They compromised personal data of 19,500 people including students, staff and alumni. The stolen data had sensitive information such as names, addresses and telephone numbers. Moreover, there were records, almost three thousands and five hundred in numbers. The confidential data, details of learning difficulties and staff sickness records, which posted online, were all maintained in those breached records.
On the following Monday, Steve Eckersley, the head of enforcement shed some light over the incident. He said, “While the microsite was developed in one of the University’s departments without its knowledge, as a data controller, it is responsible for the security of data throughout the institution.” He further said people who share their personal data with institutes, they, in return, expect from that institute to securely deal with the data. Every event pertaining to data breach makes an enterprise less-worthy or suspicious in front of its clients. Continuous notifications or reminders sent to organisations when they seem reluctant, and we have to make them complied forcibly.
The University Secretary Peter Garrod, “We acknowledge the ICO’s findings and apologise again to all those who may have been affected. No organisation can say it will be immune to unauthorised access in the future, but we can say with confidence to our students, staff, alumni and other stakeholders, that our systems are far more robust than they were two years ago as a result of the changes we have made.”
Garrod explained, “We take these matters seriously and keep our procedures under constant review to ensure they reflect best practice.”