Image via Wikipedia
The University of York (informally York University, occasionally abbreviated as Ebor. for post-nominals), is an academic institution located in the city of York, England. Established in 1963, the campus university has expanded to more than thirty departments and centres, covering a wide range of subjects
The same university has now been pleaded guilty of a massive data breach which involves publishing the personal details of over 17,000 students including their cellphone numbers, date of birth and qualification scores from previous examinations.
The breach incident had happened in the starting week of March has also been reported to the UK data protection registrar, the Information Commissioner’s Office (ICO). As part of the prevention measure, the university has already apologised from their side for data breach and are also reviewing their security system.
So what exactly happened?
Ever since the breach incident happened, the confidential information of students was exposed to public visitors of the university website. This meant that any one could access over 17,000 records of all university staff, faculty members and registered students. This happened because the site page was not secure using a password protection mechanism thereby providing easy and open access to the data.
What is all the more concerning is that apart from the students their emergency contacts information was also exposed there by indicating that the breach was not just limited to the students.
University Registrar Dr David Duncan, issued a statement which said: “We are also investigating all procedures and management systems and will undertake a thorough review of our data security arrangements. “The Information Commissioner has been informed. “I would like to apologise to everyone who has been affected by this breach.” David Duncan added, “We will contact these individuals over the next 24 hours to inform them and to discuss this matter”.
The data breach was first discovered by the university’s student run newspaper.
The Information Commissioner’s Office (ICO) is conducting enquiries into the data breach incident at University of York.
An ICO spokesperson said, “We will be making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken”.
If found guilty the university could face punishment from the ICO. The Information Commissioner’s Office has the power to fine any organisation with up to £500,000 if they find any organization guilty of breaching the act.
Secure your Data with Alertsec
Worried with the above incident and think you could also be a potential victim? In-order to avoid such incidents, following essential guidelines is very necessary for data security in any organization. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.
Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
Related articles
- System failure blamed for increasing data breach costs (go.theregister.com)
- University in student data breach (bbc.co.uk)
- University in ’serious’ data breach; Publishes 17,000 students’ data (zdnet.com)
From the capital city of the United Kingdom to the capital city of California. It doesn’t matter if you are in London or Sacramento – you need to encrypt your disk drives. At one level it seems so obvious. But as these stories show – it’s much easier said than done! They are both not only examples of the need for encryption but the need for just outright deleting and destroying old information.
