ICO Fined Greenwich University For A Serious Data Breach

In recent times another data breach story has come to light. The UK Information Commissioner Office fined £120,000 to the University of Greenwich. The reason behind this was a serious data breach that disclosed the data of 19,500 students. This occurrence was related to a microsite developed by an academic and a student in the then devolved University’s Computing and Mathematics School. It was to facilitate a training conference in 2004.

Inattention leads to major losses

The microsite was first compromised in 2013 for not being appropriately handled and being unsecured. Later in 2016, an intrusion took place by multiple hackers. Those hackers gained access over the webserver by exploiting the site. They compromised personal data of 19,500 people including students, staff, and alumni. The stolen data had sensitive information such as names, addresses, and telephone numbers. Moreover, there were records, almost three thousand and five hundred in numbers. The confidential data, details of learning difficulties and staff sickness records, which posted online, were all maintained in those breached records.

On the following Monday, Steve Eckersley, the head of enforcement shed some light on the incident. He said, “While the microsite was developed in one of the University’s departments without its knowledge, as a data controller, it is responsible for the security of data throughout the institution.” He further said people who share their personal data with institutes, they, in return, expect from that institute to securely deal with the data. Every event pertaining to data breach makes an enterprise less-worthy or suspicious in front of its clients. Continuous notifications or reminders sent to organisations when they seem reluctant, and we have to make them complied forcibly.

The University Secretary Peter Garrod, “We acknowledge the ICO’s findings and apologise again to all those who may have been affected. No organisation can say it will be immune to unauthorised access in the future, but we can say with confidence to our students, staff, alumni and other stakeholders, that our systems are far more robust than they were two years ago as a result of the changes we have made.”

While winding-up

Garrod explained, “We take these matters seriously and keep our procedures under constant review to ensure they reflect best practice.”