A leading university in the UK is under fire after reportedly failing to notify those who had been affected by hackers breaking into their administrative network last year.
Warwick University came under attack when an employee unwittingly installed malware. This malware allowed hackers to lift personal information on students, staff and even volunteers taking part in research studies.
According to Sky News, data protection at the university was so poor that the institution was unable to identify which information had been stolen. As a result, the impact of the incident was compounded.
Rachel-Sandby-Thomas, registrar and executive lead for data protection, apparently decided to not inform those who had their data stored on the admin network about the incident. It is not yet clear whether the ICO was made aware, as the incident would seem to fall under the remit of the GDPR.
However, a recent voluntary audit of the university by the ICO revealed numerous processes and procedures in governance and accountability, the security of personal data and training and awareness. The last category was described as having a “very limited” assurance rating.
It is reported that the university disbanded the data protection privacy group (DPPG), chaired by Sandby-Thomas after the ICO suggested she replaced it. The ICO went onto admit that she didn’t have the “specialist skillset and experience” needed. This is despite her being the executive lead for IT and data protection at the university since 2016.
Sky News saw an internal email that also revealed Sandby-Thomas’s attempt to block the voluntary ICO audit until she was made aware that the alternative was a “compulsory less friendly one.”
Jake Moore, a cybersecurity specialist at ESET, argued that any cover-up of data breach incidents will likely be more harmful than it would have any positive impact.
“It is far better to own up to attacks, especially given that constant attacks against organizations from cyber-criminals across the world mean that breaches will inevitably happen,” he added. “Many people are more forgiving now and tend to appreciate when organizations own up at the earliest opportunity and even show where there have been failings.”