The University of York has yet again been held responsible for a data breach after it was discovered that students’ private information was publicly available on the University website in February earlier this year. The blunder happened three weeks before the separate data incident reported by Nouse at the end of last term.
Due to a technical fault, PDF files containing ID photos, full names and webmail addresses of all 764 Economics undergraduate and postgraduate students at the University were publicly available for anyone to view and download through a student enquiry screen.
Under normal circumstances, the enquiry screen should only be available through an academic staff password filter. The problem was only rectified when a student emailed the University after they discovered the data by searching for “York student enquiry screen” on Google. The student in question was assured the documents were only available for three weeks, but this has not been independently verified.
This occurred only weeks before a more serious data breach on March 14, where mobile numbers, term-time addresses and A-level results were also available. This information had been visible from 21 November 2010.
This is particularly worrying, given that one data leak remained after the other had been discovered. The University told Vision: “The incident in Economics occurred during migration to the CMS when the information was rendered temporarily accessible. None of the information constituted sensitive personal data, which could expose students to identity theft. In any event, the files were removed as soon as the Department was made aware of the situation.”
The original and print article stated that the data leak involved “all the students at the University.” The leak was in fact confined to the Economics department.
The original article also says that “The revelation that two separate data breaches could occur in the space of a month calls into question the capability of the IT service to look after students’ details.” However, the mistake which led to this data leak was made within the Department of Economics and had nothing to do with IT Services.
Apologies for the mistakes which have now been corrected online.
Adam Coe
(News Editor)
So, they got to see as much, probably less, information than you could see from most of these people’s Facebook pages (which I’m sure most of them have). Ooh, scary!