The University of York’s student publication, Nouse, blows the whistle on a breach at the university involving exposure of student information:
On a student enquiry screening function enabled on the website, and open to the general public, the private details of any registered student were made freely accessible. This included all their personal details such as mobile numbers, home and term-time addresses, and date of birth.
In addition, particular concern was raised over the publication of the details of all students’ registered emergency contacts, including the disclosure of names, email addresses and mobile numbers. Most emergency contacts are close relatives or friends who do not attend the University themselves.
The search also disclosed the AS and A-Level results of all students, as well as their personal photo submitted for the University card.
[…]
The information has been available and accessible for over a week, though after being alerted of the security breach this morning, the University has since disabled the system
The details of 17,094 students, including all those in undergraduate, post-graduate and part-time study could be accessed via the University website, without the need to even enter a University login.
Read more on Nouse.