The Information Commissioner's Office has reprimanded the University of York for stuffing up its IT systems so that student records were accessible to anyone.

The ICO blamed a staff member who "failed to realise they had made an error while carrying out work on the University's IT system".

The screw-up resulted in student records being left on a test area of the university's website. Even though there was no direct link from the main site, 148 records were accessed.

Information included dates of birth, mobile numbers, A level results and addresses.

The uni left the files online for over a year from September 2009. Students could access files belonging to other students.

The ICO said because the data was relatively harmless it decided not to fine the university.

Brian Cantor, chancellor of the University of York, signed an undertaking to improve data protection and annual audits of data security.

The ICO is about to launch a campaign to raise awareness of data protection among young people. ®

Related stories

• Job-seeking university bods panic over incriminating online info (26 October 2011)

  https://www.theregister.com/2011/10/26/information_commissioner_identity_future_job_prospects/

• Toshiba in Rugby World Cup personal data compo cockup (6 September 2011)

  https://www.theregister.com/2011/09/06/toshiba_rugby_world_cup_data_spill/

• Steelie Neelie: 'Help us form Brussels data breach policy' (14 July 2011)

  https://www.theregister.com/2011/07/14/europe_data_loss/

• ICO: Volunteer to be audited by us, we might not bust you (7 July 2011)

  https://www.theregister.com/2011/07/07/ico_annual_report/

• ICO orders release of (mostly useless) weather station data (28 June 2011)

  https://www.theregister.com/2011/06/28/ico_climategate/

• Two fined for mobile data theft (10 June 2011)

  https://www.theregister.com/2011/06/10/ico_tmobile_data/