Plymouth University Data Breach - Staff Salaries Resurface

There has been a serious breach at Plymouth University which has seen more than 200 staff members’ salaries leaked.

An investigation, undertaken by Plymouth University solicitors, is well under way. It transpires that a confidential spreadsheet noting 240 senior staff members’ salaries was erroneously sent to an incorrect email address in June 2015.

At the time, the data breach was reported to the Information Commissioner’s Office (ICO). The ICO has a general duty to investigate complaints from members of the public who believe that an authority/business has failed to protect their data. However, no further action was taken after the person who received the spreadsheet promised that they had deleted the document.

Spreadsheet was circulated

In a shock turn of events, the document was forwarded to the Plymouth Herald this week from an unknown source, meaning the data breach has resurfaced, and yet again 240 staff members’ personal and sensitive information is at risk. Plymouth Herald noted they were unable to reveal the precise details of what the spreadsheet contained, due to legal reasons, but it contained detailed information about 245 senior managers’ salaries, allowances, and pension plans.

Personal data

University solicitor, Matthew Jackson, said:

“The information is personal data relating to members of our staff, and as such is confidential.”

Personal information of this nature is protected under the Data Protection Act (DPA). Mr Jackson continues to say:

“…it is clear from the face of this document that this information should not have been sent to you [the Plymouth Herald] or any third party. We should be grateful if you would delete this information from your records immediately and confirm to us in writing when you have done so.”

According to Mr Jackson, all of the affected staff members were notified of the breach at the time it happened and they received a promise from the recipient that no copies of the spreadsheet were circulated or retained. This obviously isn’t the case as the information has come to light again.

In 2015, the ICO didn’t probe any further as they were satisfied that the university had dealt with the data breach in accordance with the DPA by addressing the unauthorised disclosure. Mr Jackson highlights his concerns by saying,

“Against this background and almost two years after the original event, we are very concerned that this information has now been sent to the Herald.”

It makes us wonder: where else is in the information? We are now far too familiar with the circulation of sensitive personal information on the dark web…

The perpetrator remains anonymous, and Mr Jackson calls for the source of the information to come forward. We presume this is so that appropriate steps can be taken to protect the university’s employees and their personal data.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.