Security

Uni staffer's health info blabbed in email list snafu

University leaks personal data for 2nd time in 5 months

By Richard Priday

27 SHARE

The University of East Anglia has been involved in a personal data breach for the second time in five months.

Around 300 postgraduate students in the received an email on Sunday 5 November which contained "personal information about the health of a member of staff", due to the accidental use of an email distribution list.

UEA's IT department responded by remotely extracting the email from the accounts to which it had been sent. The Social Sciences Faculty then contacted the students explaining what had happened; requesting that those who had been sent the mistaken email respect the privacy of the individual involved, and deleted any additional copies that may have been created by auto-forwarding.

In a statement given to the Norwich Evening News, UEA said: “This was unintentional and clearly should not have happened, and the university apologises unreservedly.

“An urgent investigation into how this happened is under way. The university contacted the member of staff to apologise and will be providing support.

“The University will continue with the roll out of our newly created action plan to prevent incidents like this in the future.”

The previous data breach took place in June this year, when details of 191 students' extenuating circumstances were sent to 298 American Studies undergraduates.

The ICO investigated after UEA referred itself to it, but the university was ruled to have not met the requirements for the commissioner to take action.

We've contacted the university and the ICO for comment.

Notification of personal data breaches will become mandatory when the General Data Protection Regulation comes into force from 25 May 2018. ®

Sign up to our NewsletterGet IT in your inbox daily

27 Comments

More from The Register

Prank 'Give me a raise!' email nearly lands sysadmin with dismissal

Who, Me? Staffer learns hard way: boss jokes don't mix well with infosec demos

TalkTalk ups the (dis)satisfaction ante as UK folk wake up to borked email

New approach to dealing with complaints working wonders

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

Breach identified potential victims taking part in probe

'Every little helps'... unless you want email: Tesco to kill free service

Maintained for 3 years since Brit supermarket quit the ISP game

Putting the ass in Atlassian: Helpdesk email server passwords blabbed to strangers

Exclusive Logins misdirected to wrong boxes by Jira toolkit

HMRC dev support team cc blurtfest: Over 1,400 email addresses blabbed

Developers find out who else is testing HMRC's tools

Boffin botheration as IET lifts axe on 20-year-old email alias service

IET phone home. Just don't email...

Finally: Historic Eudora email code goes open source

'Member that innocent, pre-Zuckerberg time?

Priceless: The cost to BT for bothering you with spam? 1.5 UK pence per email

Incumbent telco fined £77k for sending 5 million of the things

Law forcing Feds to get warrants for email slurping is sneaked into US military budget

House slips privacy rules into Senate's files, crosses fingers