Warwick University, one of the top-24 universities in the United Kingdom, has come under fire for reportedly failing to notify impacted persons after a hacker breached its administrative network last year.
The hacker gained access to the university’s system when a staff member unwittingly installed malware. Once in the system, the hacker stole information on students, staff, and volunteers participating in research studies. But Warwick University’s data protection policies were so weak that the university reportedly could not ascertain what information was stolen, significantly impeding its ability to respond swiftly and decisively.
Rachel Sandby-Thomas, the registrar and executive lead for data protection, allegedly made the decision not to inform people whose information was stored on the administrative network about the breach. It is unclear whether the UK Information Commissioner’s Office (ICO) was promptly informed of the hack. After an investigation into the hack, the ICO suggested Sandby-Thomas be replaced as the chief for data protection.
Source: Infosecurity Magazine