Legal help for data breach compensation claims

A data breach at the University of Surrey Sports Park hits 90,000 staff and students

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

A data breach at the University of Surrey Sports Park has hit 90,000 people after a password was published online by a software supplier in what is being classed as an “employee error”.

The University has reportedly contacted members, staff and students to inform them of the data security issue, where details like birth dates, bank details, health information and contact particulars was at risk of exposure due to the publication of the password. A “sincere apology” has been issued, and victims of the breach are being asked to remain vigilant.

The data breach has been reported to the Information Commissioner’s Office (ICO). It is unknown as to whether any information was illegally accessed, and the University consider the risk caused by the data breach as low.

The CEO of Surrey Sports Park, Karen Rothery, said in a statement:

“We are very disappointed to learn of this issue… [the University was] taking a precautionary approach to this situation to ensure that our members are protected.”

Simple acts and catastrophic consequences

Although the reports of this incident suggest that the risk is low and that information has not been stolen, the data breach is another classic example of a simple error that can lead to devastating problems.

Human error accounts for a large proportion of data breach cases, and as seen in this case, the simple act of accidentally publishing a password can give easy access to fraudsters and criminals to do some very serious damage.

Take the 56 Dean Street cases we are dealing with as another example.

Emails sent in error to almost 800 people where the list of recipients was not masked or guarded led to a monumental breach of data protection rules.

Data protection goes above and beyond training when we have systems and software we can use to properly protect the data we are responsible for safeguarding.

This incident appears to be a near-miss, unless the data was accessed or downloaded before it was made secure. As with many data breaches of this nature, only time will tell…

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Author on April 20, 2018
Posted in the following categories: Data Security and tagged with |


TalkTalk accused of continuing to neglect cybersecurity
Kensington and Chelsea council fined £120,000 for indeliberate data breach