Published on April 28th, 2020
Warwick Uni Under Fire After Reported Breach Cover-Up
A leading UK university has come under fire after reportedly failing to notify those affected after hackers breached its administrative network last year.
Warwick University, a member of the Russell Group comprising the country’s top 24 universities, suffered the attack when an employee unwittingly installed malware. That reportedly allowed hackers to lift personal information on students, staff and volunteers taking part in research studies.
However, the impact of the incident was compounded because data protection at the university was so poor that the institution couldn’t identify which information had been stolen, according to Sky News.
Registrar and executive lead for data protection, Rachel Sandby-Thomas, apparently took the decision not to inform those whose data was stored on the admin network about the incident. It’s unclear whether regulator the Information Commissioner’s Office (ICO) was told, as the incident would seem to fall under the remit of the GDPR.
However, a voluntary audit of the university by the ICO, published in March, revealed multiple failings of processes and procedures in governance and accountability, security of personal data and training and awareness. The latter category was described as having a “very limited” assurance rating.
The university apparently disbanded the data protection privacy group (DPPG) that Sandby-Thomas chaired after the ICO suggested she be replaced, admitting that she didn’t have the “specialist skill set and experience” needed, according to the news report.
That’s despite the individual having been the executive lead for IT and data protection at the Uni since 2016.
An internal email seen by the news channel also revealed that Sandby-Thomas tried to block the voluntary ICO audit until she was told that the alternative was a “compulsory less friendly one.”
Jake Moore, cybersecurity specialist at ESET, argued that any cover-up of data breach incidents is likely to do more harm than good.
“It is far better to own up to attacks, especially given that constant attacks against organizations from cyber-criminals across the world mean that breaches will inevitably happen,” he added. “Many people are more forgiving now and tend to appreciate when organizations own up at the earliest opportunity and even show where there have been failings.”