The University of Greenwich has accidentally published data in a breach that highlights why insider threats should be taken seriously.
Students’ personal data was published online by accident, along with meeting minutes from the Faculty Research Degrees Committee. The students’ data included confidential health information and their mobile phone numbers. The university has since removed the data, apologised to all those affected and is now working to ensure that cached versions of the data are removed. An investigation is now being carried out, with a promise to make public the findings and recommendations.
Legal experts and data security professionals say this incident highlights why organisations need to be aware of the risks of human error and the repercussions for failing to review what is published online. The EU is set to bring in new regulations on data security in 2018; however, legal experts believe that the University of Greenwich could still face a fine, as this incident appears to be a breach of the UK’s Data Protection Act.
The fine from the Information Commissioner’s Office (ICO) could be as much as £500,000, with the organisation confirming that it is aware of what has happened but that its investigations are only just under way. The breach could also mean that students make claims against the university.
The breach at the University of Greenwich highlights the consequences of not properly protecting data and the importance of identifying and closing off vulnerabilities within a system as quickly as possible to reduce the risk of further data breaches.