Birmingham City Uni publishes thousands of applicants’ private details

Thousands of unlucky undergrads’ personal details have been leaked after staff at a Birmingham uni accidentally released them.

The personal data of applicants to Birmingham City University, which included addresses and dates of birth, was publicly accessible from FOI website whatdotheyknow.com from January 2012 until June this year.

But victims of the leak were only told this week that their personal data was on show.

The data was leaked as part of a FOI request that asked for statistics about every BCU applicant from 1994-2011.

The private details were accessible via a hidden worksheet in a document revealing how many offers BCU made to sixth formers over the 17 year period.

Bumbling staff at the uni only realised their mistake when a volunteer from Whatdotheyknow.com realised the sensitive data was there and alerted the information office at BCU in June.

The uni only told those affected on Wednesday, nearly two months after the private details were found online.

Jen, a Leicester grad who didn’t end up going to city, but applied to start in 2012, hadn’t thought about the uni till she got an email out of the blue, telling her that her sensitive information was widely available.

She said: “It feels a bit odd, I obviously have no idea who has had access to that detail but I’ve used that info for passwords and security information in the past and I’ve had to change those now just in case.

“I’m not angry at the university because I know they wouldn’t have done it intentionally, I still don’t know how it happened or what the Freedom of Information request was that mean they had to release my details.”

The email that was sent out by Birmingham City said: “The information contained in the workbooks related to your application to the University and included your: name, date of birth, age at entry, University ID, UCAS ID, country of domicile, postal address, email address, previous place of study, course applied for, and outcome of application.

“Because this information was publicly available, there has to be a risk that your privacy may be adversely affected. Unfortunately we are unable to say whether or not this information has been accessed during this period, and if so how many times.”

Jamie-Lee Watkinson, who went to BCU from 2012 to 2013 thinks that everyone who had data leaked deserves compensation.

She said: “Any student involved should get compensation, opur address, date of birth, education details, ucas and uni number, our names etc. Has been all leaked over the Internet.

“There is no evidence atm to say that our information has been leaked into the wrong hands but also there is no evidence to say our information hasn’t.

“You pay £9,000 a year to attend the uni — we don’t expect stuff like this to occur at all. At the end of the day, it’s a breach of the data protection act and they’ve handled it really unprofessionally, they even give you a phone number which doesn’t work. It’s absolutely ridiculous.”

A spokesperson for Birmingham City said: “This incident relates to a Freedom of Information request received in January 2012. Responding to this request, information was supplied to WhatDoTheyKnow.com in a way that, we later became aware, meant confidential data was potentially accessible to the public.

“We take the issue of data protection extremely seriously and very much regret any concern or alarm that this might have caused. We have apologised to everyone and reassured them that personal information was not immediately visible to anyone accessing the site.

“Staff will be working over the weekend to offer advice and support. Anyone who would like more information should email [email protected].”