The University of York has leaked confidential personal information on students due to website security vulnerabilities.
Details including mobile phone numbers, addresses and A-Level grades of an estimated 17,000 students were exposed as a result of the breach.
University administrators have reported the incident to privacy watchdogs at the Information Comissioners Office. Meanwhile an internal investigation is taking place.
The sensitive data was exposed on a student inquiry page of the university's website accessible to world + dog, not just faculty members, and without any need to log into the site. The student union was expressed particular concern that students’ registered emergency contacts were also exposed by the breach, an aspect of the snafu that meant the breach also affected friends and family of students.
University authorities have admitted the breach and apologised to the affected students as well as promising to tighten up security at the tertiary education facility, the BBC reports.
Aziz Maakaroun, business development director at a vulnerability management specialist Outpost24, said the breach stemmed from a failure to follow best practices on website security.
“Vulnerabilities in websites make it all too easy for hackers to tamper with the content – in this case, posting personal data on the student enquiry page of the University’s public website," Maakaroun said. "To stop this from happening, it is vital that organisations take a more proactive approach to their security by continually scanning for web vulnerabilities which hackers find relatively easy to exploit.” ®