Security

Uni staffer's health info blabbed in email list snafu

University leaks personal data for 2nd time in 5 months

By Richard Priday

27 SHARE

The University of East Anglia has been involved in a personal data breach for the second time in five months.

Around 300 postgraduate students in the received an email on Sunday 5 November which contained "personal information about the health of a member of staff", due to the accidental use of an email distribution list.

UEA's IT department responded by remotely extracting the email from the accounts to which it had been sent. The Social Sciences Faculty then contacted the students explaining what had happened; requesting that those who had been sent the mistaken email respect the privacy of the individual involved, and deleted any additional copies that may have been created by auto-forwarding.

In a statement given to the Norwich Evening News, UEA said: “This was unintentional and clearly should not have happened, and the university apologises unreservedly.

“An urgent investigation into how this happened is under way. The university contacted the member of staff to apologise and will be providing support.

“The University will continue with the roll out of our newly created action plan to prevent incidents like this in the future.”

The previous data breach took place in June this year, when details of 191 students' extenuating circumstances were sent to 298 American Studies undergraduates.

The ICO investigated after UEA referred itself to it, but the university was ruled to have not met the requirements for the commissioner to take action.

We've contacted the university and the ICO for comment.

Notification of personal data breaches will become mandatory when the General Data Protection Regulation comes into force from 25 May 2018. ®

Sign up to our NewsletterGet IT in your inbox daily

27 Comments

More from The Register

Welcome! Mimecast finds interesting door policies on email filters

Microsoft and Proofpoint servers ushered in 15,656 malware attachments

Footie fans calling for a red card over West Ham United CC email blunder

If you're after an away ticket, now you know who to call

US State Department confirms: Unclassified staff email boxes hacked

Pompeo's peeps get free credit monitoring after some inboxes cracked open, data swiped

Prank 'Give me a raise!' email nearly lands sysadmin with dismissal

Who, Me? Staffer learns hard way: boss jokes don't mix well with infosec demos

Baddies just need one email account with clout to unleash phishing hell

Outsiders realised uni was hacked before uni did

Sendgrid blurts out OWN customers' email addresses with no help from hackers

Along came some spiders and saw the unsubscribers...

TalkTalk ups the (dis)satisfaction ante as UK folk wake up to borked email

New approach to dealing with complaints working wonders

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

Breach identified potential victims taking part in probe

Email security crisis... What email security crisis?

Let them eat phish

Princely five years in US big house for Nigerian biz email scammer

Bloke copped to $25m spear-phishing shenanigans