The University of East Anglia (UEA) are facing an investigation over the shocking data breach that saw a number of students have their personal circumstances emailed directly to hundreds of fellow course mates.
The document listed extenuating circumstances of a number of students explaining why certain students were authorised to have an extension on assignments, postpone exams and take time off their course.
Some of the reasons included death or a family member, personal medical and mental health issues, and even sexual assault.
An email was sent by a member of staff to students studying American Studies with the spreadsheet attached. The document lists 172 names with details of their sensitive circumstances.
42 of the students listed were granted extensions or time off.
An email was sent the next day reportedly saying:
“You may have erroneously received an email with a spreadsheet attachment. Could you please delete this without opening/reading. Thank-you very much.”
As creatures of curiosity, this email probably piqued more interest in reading it than preventing it.
Whilst the university has apologised “unreservedly”, it does little for the victims of the data breach. One of the students who was named on the list spoke about the incident, saying it made her feel “sick and horrified”.
Personal circumstances revealed
For many of the students, the circumstances were so personal and sometimes horrific that they probably hadn’t even told their friends. The incident caused a media outcry as students took to twitter to slam UEA for the way it handled the breach. Victims were not immediately contacted and were offered help if they sought it.
Independent investigation
An independent body will be investigating how the university processes the data it controls. It will also no doubt look into how the university deals with this kind of situation, from the beginning of obtaining sensitive information, to how it will make sure students are provided with continual support in dealing with the data breach even after graduation.
The investigation is said to “extend beyond the specific incident itself and cover areas such as the institution’s system, culture and management”.
Mistakes do happen; we’re only human. However, this doesn’t mean that we can just shrug and brush the incident under the carpet. By reviewing the university’s administrative system, culture and management, data risks can be analysed and reduced; hopefully mitigating the potential for more data breaches in the future.
The University has betrayed the trust of the victims involved.
Anyone affected is welcome to contact us for expert help and advice.