PERSONAL details of 17,000 York students and residents have been accidentally leaked online.

Students’ addresses, phone numbers and even A-level results were published on the University of York website. Dates of birth, phone numbers and the phone numbers and addresses of emergency contacts were also made freely accessible.

The university has apologised and has informed the Information Commissioner, which has the power to fine organisations up to £500,000.

Gus Hosein, of campaign group Privacy International, said: “That’s the largest breach I have heard of in the UK.

“There could be a significant fine now the Commissioner has fining powers.

“It’s appalling. If the university cannot secure the information it should not be collecting it.”

The students affected include those on undergraduate and post-graduate courses as well as those taking part-time study and evening classes. The university has said that 148 individual records were accessed via the site and that those involved would be contacted.

Hannah Ellis-Petersen, the editor of the university student newspaper Nouse, which first revealed the breach, said: “It has been running for a week. Even when I did not enter any details into the website it said 17,094 names were registered, which is everyone at the university.

“Anyone could get on this website. Everyone feels their personal privacy has been invaded.”

A spokesman for the university said an investigation was under way.

“It could not confirm the number of details leaked but said there are currently only 16,948 students registered at the university.

Dr David Duncan, the registrar at the university said: “It has come to our attention that there has been an unauthorised breach of student records.

“The university has taken immediate action to rectify this problem.

“We are also investigating all procedures and management systems and will undertake a thorough review of our data security arrangements.

“The Information Commissioner has been informed. I would like to apologise to everyone who has been affected by this breach.”

Timothy Ngwena, University of York Student Union president, said: “For students, such a mistake is concerning given the level of detailed information the university keeps about its students – from the course they study all the way through their attainment prior to coming to university.”


York Press: The Press comment

Privacy dealt a blow by breach

THE University of York has apologised after inadvertently leaking the personal details of up to 17,000 of its students online.

The information published on its website included students’ dates of birth, telephone numbers – and even the telephone numbers and addresses of emergency contacts.

This is a shocking breach of students’ personal privacy – one for which the university could, in theory, face a fine of up to £500,000.

Students whose information has been released in this way could be forgiven for feeling let down by an institution in which they have placed their trust. Many do indeed feel their privacy has been invaded, according to Hannah Ellis-Petersen, the editor of the university student newspaper Nouse.

In this age of identity fraud, public bodies have a particular duty to protect the electronic information we entrust them with. The university signally failed in that duty in this case.

Registrar Dr David Duncan has rightly issued an apology. The university is also undertaking a thorough review of data security arrangements, Dr Duncan said, as well as investigating its procedures and management systems.

Quite right, too. But the institution needs to go further. Once it has got to the bottom of exactly how this sensitive personal information came to be released, it must explain to students what went wrong, and ensure such a thing cannot happen again.

Only then will it begin to regain their trust.

York Press: What do you think?