University of Greenwich fined £120,000.00 by the ICO

UPDATE: PLEASE NOTE THAT WE ARE NO LONGER ABLE TO ACCEPT NEW CASES IN THIS MATTER.

The University of Greenwich has been fined £120,000.00 by the ICO (Information Commissioner’s Office) after being found guilty of allowing personal and sensitive data they hold to be exposed.

The fine comes off the back of a serious data breach where the data for some 20,000 university students and staff was compromised from a micro-site that had been used in 2004 for a training conference. This micro-site was not closed or secured, and was comprised in 2013, and then multiple attacks in 2016 allowed hackers access to the university’s web-server.

The ICO found that the University of Greenwich failed in their important duty to ensure that the data they held was safe and secure. This was a preventable data breach, which means that it’s hard to escape responsibility for it.

There’s no excuse for being lazy or lackadaisical when it comes to data protection and cybersecurity. Organisations must ensure that they do not leave themselves open and vulnerable to attacks and breaches, particularly in an age where criminals are able to identify and exploit known vulnerabilities.

Last year’s WannaCry attack was a prime example of how outdated systems can mean increased vulnerability.

We’re not surprised by the fine levied on the University of Greenwich, although they may want to count themselves lucky given that the new GDPR that came into force last week could have seen a fine of this nature being in the millions had it have happened later this year. We’re representing a number of individuals who have been affected by a separate University of Greenwich data breach, and we’d expect that, given the multiple breaches and the fine imposed, they will step up their cybersecurity and data protection efforts.

Steve Eckersley, Head of enforcement at the ICO, said that the university, as a data controller: “is responsible for the security of data throughout the institution.”

He went on to say: “Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.”

If you have been affected by a University of Greenwich data breach and you have yet to speak to us about whether you may be entitled to data breach compensation, please contact our team as soon as you can.

We are representing victims of University of Greenwich data breaches, and given the course of the claims we are running so far, we are confident we can bring claims to a successful conclusion, and we’re offering our representation on a No Win, No Fee basis.

UPDATE: PLEASE NOTE THAT WE ARE NO LONGER ABLE TO ACCEPT NEW CASES IN THIS MATTER.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.