Greenwich University suffers second data breach this year in apparent ‘revenge hack’ by former student

Leaked details reportedly include student grades and feedback, staff holiday details and 'sickness table' highlighting students with disabilities

Aftab Ali
Student Editor
Monday 20 June 2016 07:38 EDT
Comments
(Rex Features)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The University of Greenwich has suffered its second data breach this year after a reportedly displeased former student leaked confidential details online.

According to the Evening Standard, the hacker managed to get access to the university’s website, stole personal and confidential data, and uploaded details allowing Internet users to access the information via a link.

Details included student contact information, their names, grades and feedback, staff holiday details, conversations between students and staff, and even a “sickness table” which highlighted students with disabilities.

Hacking news site, HackRead, said it obtained a screenshot of the hack along with a message posted by the apparent former student which demonstrated it to have been a “revenge hack.”

According to the site, the hacker wrote: “So due to my elite skills and e-fame, you guys decided to kick me out of University because you couldn’t handle the beast. In response to this, I’ve used the skills I’ve obtained to show you how good I actually am. Please let me come back?”

The details were reportedly “quickly removed” by the university after gathering attention on Twitter. The Independent has contacted the university for comment.

The news comes after the university was affected by a similar data breach in February when a BBC News investigation revealed students’ details could be accessed via a simple Google search, including names, addresses, dates of birth, mobile phone numbers, and signatures which were all uploaded to the university’s website.

In some cases, medical details - including mental health issues - were referenced as a way of explaining why some students had been falling behind on their coursework, and minutes from the university department which oversees registrations and the progress of research students were also posted, as well as staff comments regarding student progress.

The university had told the Independent in an email at the time it was “committed” to protecting confidential data, adding: “We are co-operating fully with the Information Commissioner and will take all steps necessary to ensure we have the best systems in place for the future.”

The Information Commissioner’s Office - responsible for the enforcement of the Data Protection Act as well as for Freedom of Information - said in February it was aware of the incident and was “making enquiries.” The office has said the same again following this second incident.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in