The University of Greenwich has suffered its second data breach this year after a reportedly displeased former student leaked confidential details online.
According to the Evening Standard, the hacker managed to get access to the university’s website, stole personal and confidential data, and uploaded details allowing Internet users to access the information via a link.
Details included student contact information, their names, grades and feedback, staff holiday details, conversations between students and staff, and even a “sickness table” which highlighted students with disabilities.
Hacking news site, HackRead, said it obtained a screenshot of the hack along with a message posted by the apparent former student which demonstrated it to have been a “revenge hack.”
According to the site, the hacker wrote: “So due to my elite skills and e-fame, you guys decided to kick me out of University because you couldn’t handle the beast. In response to this, I’ve used the skills I’ve obtained to show you how good I actually am. Please let me come back?”
The details were reportedly “quickly removed” by the university after gathering attention on Twitter. The Independent has contacted the university for comment.
The news comes after the university was affected by a similar data breach in February when a BBC News investigation revealed students’ details could be accessed via a simple Google search, including names, addresses, dates of birth, mobile phone numbers, and signatures which were all uploaded to the university’s website.
In some cases, medical details - including mental health issues - were referenced as a way of explaining why some students had been falling behind on their coursework, and minutes from the university department which oversees registrations and the progress of research students were also posted, as well as staff comments regarding student progress.
The university had told the Independent in an email at the time it was “committed” to protecting confidential data, adding: “We are co-operating fully with the Information Commissioner and will take all steps necessary to ensure we have the best systems in place for the future.”
The Information Commissioner’s Office - responsible for the enforcement of the Data Protection Act as well as for Freedom of Information - said in February it was aware of the incident and was “making enquiries.” The office has said the same again following this second incident.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies