Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The news of a Pembroke College data leak has recently been reported after it emerged that private details relating to the college’s alumni were made vulnerable to unauthorised access. Users with access to the college’s single sign-on system were reportedly able to access extensive personal information on the former Oxford University students who were hosted at Pembroke College, according to Cherwell.
All organisations that process and store personal data have a legal duty to protect it in accordance with the GDPR. Where they fail to do so, they can be held liable for a data protection breach. In some cases, the affected victims can also be eligible to make compensation claims for the harm caused.
Although it appears that the alumni information was not exposed outside the organisation, the incident at Pembroke College nevertheless demonstrates the problems with failing to manage data access appropriately.
As part of a 2021 telethon designed to obtain donations from alumni, Pembroke College is understood to have held a range of details to allow telethon workers to contact these former Oxford University students. However, the Pembroke College data leak led to the records of this telethon being open for access by employees outside the authorised team.
Cherwell reports that the compromised information included full names, addresses, phone numbers, and ages of college alumni. It is also understood to have included notes taken during the calls, and details about donations that have previously been made by named individuals.
Pembroke College has stated that the technical issue in the system that holds alumni and donor data, which it says has since been resolved, arose when the site was first created. It has also said that those who accessed the data without the appropriate authorisation have been identified and warned against misusing information.
According to the GDPR, employees should only be allowed to access personal information for specific work-related purposes, and for purposes that reflect the reasons for which the data was disclosed. The alumni of Pembroke College would likely not have been aware that their data would become freely accessible across the university without good reason.
The issue was deemed to be serious enough to report to the Information Commissioner’s Office (ICO), which investigates potential data protection breaches. While the damage caused by the incident may have been limited, those affected by the Pembroke College data leak may well have lost trust in the organisation.
Anyone who has been affected by a data breach in which an organisation has mismanaged access to data could be eligible to make a compensation claim. We are seeing more and more of these types of incidents where simple flaws or oversights have resulted in a wealth of information being leaked. In the worst cases, private and sensitive data can be leaked which can cause significant distress to the victims.
All organisations have a duty to protect the information that they store and process, and we continue to see more and more breaches and more and more people claiming. Things, as they stand, do not seem to be getting any better despite the GDPR being introduced.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020