DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: The University of Greenwich fined £120,000 by Information Commissioner for “serious” security breach

Posted on May 21, 2018 by Dissent

The University of Greenwich has been fined £120,000 by the Information Commissioner following a “serious” security breach involving the personal data of nearly 20,000 people – among them students and staff.

It is the first university to have been fined by the Commissioner under the existing data protection legislation (Data Protection Act 1998).

The investigation centred on a microsite developed by an academic and a student in the then devolved University’s Computing and Mathematics School, to facilitate a training conference in 2004.

After the event, the site was not subsequently closed down or secured and was compromised in 2013. In 2016 multiple attackers exploited the vulnerability of the site allowing them to access other areas of the web server.

The personal data included contact details of 19,500 people including students, staff and alumni such as names, addresses and telephone numbers.  However, around 3,500 of these included sensitive data such as information on extenuating circumstances, details of learning difficulties and staff sickness records and was subsequently posted online.

Head of Enforcement at the ICO, Steve Eckersley, said:

”Whilst the microsite was developed in one of the University’s departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution.

“Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.”

The Commissioner found that the University did not have in place appropriate technical and organisational measures for ensuring, so far as possible, that such a security breach would not occur, ie for ensuring that its systems could not be accessed by attackers.

SOURCE: Information Commissioner’s Office

Category: Education SectorNon-U.S.Of Note

Post navigation

← Teen phone monitoring app leaked thousands of user passwords
University of Toledo alerts some faculty, students of lost flash drive →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.