UEA suffers data breach blunder

The University of East Anglia (UEA) has suffered a data breach after an email containing sensitive medical information about a staff member was sent to about 300 students. This is UEA's second breach in five months; both were reported to have been caused by human error.

A university spokeswoman said:

This was unintentional and clearly should not have happened, and the university apologises unreservedly.

Steps were taken to immediately recall the message, and the university contacted the member of staff to apologise and offer support.

An urgent investigation into how this happened is under way and we will make any changes necessary to the new data protection systems and training currently being rolled out to prevent incidents like this happening in the future.

Speaking to Silicon UK, UEA said:

We will continue to keep the new policies and training under review. This latest incident suggests we are making the correct changes but regretfully it is impossible to complete all of them simultaneously due to the complexity of the tasks.

The steps that the university is taking have been imposed upon it by the Information Commissioner’s Office (ICO), and are in response to a breach earlier in the year. It is apparent that the university is having issues coordinating and executing these changes as part of its “agreed data protection action plan”. As this is a reactive rather than proactive response, UEA is under pressure to complete the tasks.

Educating staff

When it comes to implementing staff awareness training as part of a wider security strategy, we advise being proactive. It needs to be ongoing and continually reinforced across the organisation to reiterate the importance of compliance and security. If correctly executed, it will also help staff to develop good habits, as they will understand the consequences of their actions.

Alternatively, consider our Security Awareness Programme, which creates a total culture change and tackles employee behaviour to generate tangible and lasting organisation-wide security awareness.