Tuesday 23 April 2019

Sensitive university student data is leaked online

College is reported to watchdog after grant applications are leaked

College is reported to watchdog after grant applications are leaked
College is reported to watchdog after grant applications are leaked
Wayne O'Connor

Wayne O'Connor

THE University of Limerick has been reported to the Data Protection Commissioner after grant application details, including parents' incomes and student bank account details were made available online.

Students who had applied to the college for a Student Assistance Fund grant between Friday evening and Sunday had their grant applications posted online over the weekend.

Seven students had their personal information and grant applications posted on UL's website.

Every student had their BIC and IBAN banking codes, used to transfer money internationally, inadvertently leaked after they submitted the numbers in the hope of receiving payments.

Many also had other bank account details published, including bank statements. Data about the financial earnings of students, their parents or guardians and their spouses was also revealed by the university. The information was removed from the website yesterday.

A spokesperson for the Data Protection Commissioner confirmed that it had received a complaint in relation to the breach and it was being assessed ahead of the decision to conduct a formal investigation.

"As the material no longer appears to be available on the website, part of our assessment will likely entail contacting UL for its views in the matter before any decision on the need for a formal investigation is made," she said.

Anybody who applied for the grant had to disclose personal information about the earnings in their household as well as information on expenses.

Students with dependent children or siblings also had to disclose their names and the schools they attend.

This information was also disclosed on the website.

One 19-year-old student had to state that his parents were both unemployed. He had attached details of their earnings and a letter from the Department of Social Protection outlining how much his mother had received in social welfare payments in 2013 and this was made available on the site.

Four more students had their own statements from the Department of Social Protection leaked inadvertently.

The mother of one student had a letter from her employer outlining her weekly earnings published and her son's tax details were also made available.

Another student had his spouse's tax balancing statement attached to his application. There was also information on how much each student was spending and their college expenses.

UL were not able to give the Irish Independent a definite figure for the number of students affected or confirm how the breach came about.

However, the application process is new and prior to October, students had to apply in writing for the grant.

"The University of Limerick takes any potential breach of data security extremely seriously and a full investigation and review is currently underway to determine how this alleged breach took place," said a spokesperson.

"All data submitted to the University via this funding application process is absolutely secure," she added.

"We regret any inadvertent breach that may have occurred and we will engage fully with the Data Protection Commissioner should the need arise."

The University said the investigation is at a very early stage and that they have not yet been able to compile the technical data to assess who was affected.

All of the affected students had their name, address, course details and student numbers disclosed. Potentially, any UL student would have been able to access the information with their college user-name and password while applying for the grant or reassessing their own application.

Irish Independent

Editor's Choice

Also in Irish News