Coventry University leaks nearly 2,000 students’ personal details

The information breach went unnoticed for 28 days

Nearly 2,000 students' personal details were leaked due to "an accidental data breach", according to an email sent out by Deputy Vice Chancellor Ian Marshall last week.

A spreadsheet containing student details was attached to an email leadership training event which was sent to 1,930 students.

The incident occurred on November 17th but the university was only made aware of the breach on the 15th of December, nearly a month later.

The details leaked included full names of students, student ID numbers, phone numbers, university email addresses, and information about student's courses.

University IT professionals managed to delete the email from its recipient’s inboxes, but if anyone opened the email during the 28-day time period before any action was taken they would have access to nearly 2,000 students' information.

The initial email sent to the 1,930 students affected was not able to be forwarded due to the "sensitive nature" of the email.

Image may contain: Campus, Urban, Neighborhood, Building

"The uni really has down played what could be done with that spreadsheet" according to Jack, a second year computer science student.

Speaking to The Tab, Coventry University said: "We became aware of the incident on Friday 15th December 2017. Steps were taken to contain the data at the point that the incident was detected. Since then we have been carrying out an internal investigation and, as a result, we felt now was the right time to contact you."

"The University has taken every action to remove the data. We have apologised to all students affected and are reviewing our processes."

The processes mentioned in the email included speaking to ICO (Information Commissioner’s Office) the official body that regulates whether people are following the data protection act.

More
Coventry University