Uni staffer's health info blabbed in email list snafu

University leaks personal data for 2nd time in 5 months

By Richard Priday

Posted in Security, 9th November 2017 14:46 GMT

The University of East Anglia has been involved in a personal data breach for the second time in five months.

Around 300 postgraduate students in the received an email on Sunday 5 November which contained "personal information about the health of a member of staff", due to the accidental use of an email distribution list.

UEA's IT department responded by remotely extracting the email from the accounts to which it had been sent. The Social Sciences Faculty then contacted the students to explain what had happened, requesting that those who had been sent the mistaken email respect the privacy of the individual involved and delete any additional copies that may have been created by auto-forwarding.

In a statement given to the Norwich Evening News, UEA said: “This was unintentional and clearly should not have happened, and the university apologises unreservedly.

“An urgent investigation into how this happened is under way. The university contacted the member of staff to apologise and will be providing support.

“The University will continue with the roll out of our newly created action plan to prevent incidents like this in the future.”

The previous data breach took place in June this year, when details of 191 students' extenuating circumstances were sent to 298 American Studies undergraduates.

The ICO investigated after UEA referred itself to it, but the university was ruled to have not met the requirements for the commissioner to take action.

We've contacted the university and the ICO for comment.

Notification of personal data breaches will become mandatory when the General Data Protection Regulation comes into force from 25 May 2018. ®
