Legal help for data breach compensation claims

Lessons learned: the university that came under fire for leaking sensitive and confidential data on its students

Posted by Editor on February 13, 2018 in the following categories: Data and tagged with |

university data breach

The University of East Anglia (UEA) was met with anger and disappointment from students and the general public when it was revealed that a member of staff made a horrific error when they sent out a spreadsheet listing named students’ extenuating circumstances. The spreadsheet identified some 40 students by name and student ID numbers, and had their private and confidential information right next to their names.

The spreadsheet showed which students were entitled to things like longer deadlines as their extenuating circumstances included personal matters such as family illnesses and bereavements; mental health problems, including depression; and even sexual assaults.

The list of confidential information reportedly concerned students studying Art, Media and American Studies. This meant that the students who received the email were likely to be classmates or know those listed on the spreadsheet. The 40 students were also likely to have received the controversial email themselves.

After the mistake was made, a follow-up email was quickly sent asking recipients not to view the list.

“You may have erroneously received an email with a spreadsheet attachment. Could you please delete this without opening/reading. Thank-you very much.”

An “urgent inquiry” was launched by the University, but at the end of the day, this was an avoidable administrative error. Sensitive and private information like the data on the spreadsheet needs to be looked after with great caution, and there are ways and means of data like that being protected from falling into the wrong hands. At the very least, passwords and encryption can provide some sort of barrier to hinder unauthorised access.

Even though a password-protected spreadsheet may not be able to stop someone with the skills to get around it, it could prevent the 320 students from being able to access the spreadsheet by just clicking on the file.

Affected students were understandably furious and upset by the error. One student said:

“… [I] felt sick at seeing my personal situation written in a spreadsheet, and then seemingly sent to everyone on my course. My situation was not the worst on there but there are some on there that are so personal. There are people I know and I feel so awful for them and can’t imagine how they are feeling.”

Other students, who were unaffected but outraged by the incident, took to twitter to blast the University’s handling of the breach. UEA’s twitter statement said that the university, “apologises unreservedly for email sent in error to 320 American Studies students. Affected students can call 01603 592761 for support”.

One reply stated simply: “This isn’t good enough”.

Other users condemned the tweet for asking affected students to step forward and contact the University. The University then confirmed they themselves would contact students affected.

The Student Union body didn’t hold back in their anger over the University’s mistake either. The Union’s Education Officer, Theo Antoniou Phillips, labelled the breach as “shocking and utterly unacceptable” and one that “never should have happened”.

The Welfare, Community and Diversity Officer slammed the incident as, “a real slap in the face to students who have sought support”.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with a * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.


Deloitte belittles data breach for affecting “very few” clients
Whole Foods Market hacked, reportedly compromising customer credit card data
%d bloggers like this: