Uni staffer's health info blabbed in email list snafu

University leaks personal data for 2nd time in 5 months

By Richard Priday

Posted in Security, 9th November 2017 14:46 GMT

The University of East Anglia has been involved in a personal data breach for the second time in five months.

Around 300 postgraduate students in the received an email on Sunday 5 November which contained "personal information about the health of a member of staff", due to the accidental use of an email distribution list.

UEA's IT department responded by remotely extracting the email from the accounts to which it had been sent. The Social Sciences Faculty then contacted the students explaining what had happened; requesting that those who had been sent the mistaken email respect the privacy of the individual involved, and deleted any additional copies that may have been created by auto-forwarding.

In a statement given to the Norwich Evening News, UEA said: “This was unintentional and clearly should not have happened, and the university apologises unreservedly.

“An urgent investigation into how this happened is under way. The university contacted the member of staff to apologise and will be providing support.

“The University will continue with the roll out of our newly created action plan to prevent incidents like this in the future.”

The previous data breach took place in June this year, when details of 191 students' extenuating circumstances were sent to 298 American Studies undergraduates.

The ICO investigated after UEA referred itself to it, but the university was ruled to have not met the requirements for the commissioner to take action.

We've contacted the university and the ICO for comment.

Notification of personal data breaches will become mandatory when the General Data Protection Regulation comes into force from 25 May 2018. ®

Sign up to our NewsletterGet IT in your inbox daily

27 Comments

More from The Register

TalkTalk ups the (dis)satisfaction ante as UK folk wake up to borked email

New approach to dealing with complaints working wonders

'Every little helps'... unless you want email: Tesco to kill free service

Maintained for 3 years since Brit supermarket quit the ISP game

HMRC dev support team cc blurtfest: Over 1,400 email addresses blabbed

Developers find out who else is testing HMRC's tools

Finally: Historic Eudora email code goes open source

'Member that innocent, pre-Zuckerberg time?

Will the defendant please rise? Utah State Bar hunts for sender of topless email

Mormons miffed by mammary missive

You've got pr0n: Yes, smut by email is latest workaround for UK's looming cock block

Automated filth shows plan just grist to the privacy activists' mill

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats

If a hacker can get into your inbox of ciphered messages, they may be able to read the content

Get the message, PHBs: New York City mulls ban on after-hours biz email

File under: Yeah, good luck with that, nice job you used to have

Dude who claimed he invented email is told by judge: It's safe to say you didn't invent email

Libel lawsuit bounces

Which? leads decrepit email service behind barn, single shot rings out over valley

Users fuming... if only they had a consumer champion to turn to