Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
What is This Claim About?
The University of Greenwich was hit by two cyberattacks in 2016, one in February and another in June.
The data breaches publicly exposed the contact details and, in some cases, medical information of nearly 20,000 students and others.
The ICO investigated the February breach, issuing the university a £120,000 fine.
Who’s Eligible?
You may be eligible to seek compensation if you received confirmation that you were affected by the breach.
Those who were affected would have been notified via letter of the specific information that was leaked about them, according to Group Action Lawyers.
How Much Compensation Will I Receive?
If the case is successful, eligible Class Members will receive compensation for the University of Greenwich losing control of their personal data.
Any amount to be awarded will be determined in court.
How Do I Join?
Contact one of the following about making a claim:
More firms may be added before the case goes to court.
U.K. law firms are looking for claimants who believe their information may have been compromised in a 2016 University of Greenwich data breach.
According to the Information Commissioner’s Office (ICO), the personal data of nearly 20,000 people was accessed in the incident.
The University of Greenwich Data Breach
The breach occurred the night of 16 Feb. 2016, according to IT Pro.
Students’ names, addresses, birth dates and other information appeared on the university’s website, as were the minutes from a meeting of the school’s Faculty Research Degrees Committee, IT Pro reported.
Additional leaked information included student signatures and explanations of medical problems that had led students to fall behind on coursework, as well as supervisors’ comments regarding student progress and copies of emails between students and staff, the BBC reported.
The day after the information appeared online, the University of Greenwich told the BBC it believed all the documents had been taken down and said it had contacted Google about removing cached copies.
A student quickly notified the ICO, which began an investigation, IT Pro reported.
The ICO’s investigation focused on a microsite that had been developed for a 2004 training conference by a student and an academic in the University’s Computing and Mathematics School.
When the event was over, the microsite was not secured or removed; it was eventually compromised in 2013, the ICO determined. Multiple cyberattackers exploited the site’s vulnerability, which allowed them to access the web server.
University Experiences A Second Data Breach
A second data breach was reported at the university in June 2016.
Infosecurity Magazine reported a hacker used a SQL injection attack to access and leak additional students’ personal details online after compromising the university’s website and database, this time in the Faculty of Architecture, Computing and Humanities.
The cyberattacker defaced a web page and inserted a link to the data on the dark web, along with a message, according to Infosecurity Magazine.
“So due to my elite skills and e-fame, you guys decided to kick me out of University because you couldn’t handle the beast,” the hacker wrote. “In response to this, I’ve used the skills I’ve obtained to show you how good I actually am. Please let me come back.”
More than 21,000 email accounts and log-ins were reportedly exposed in the attack, in addition to full names, contact information, a spreadsheet with the details of staff members’ medical problems and other information.
The leak also exposed the data of students who had only applied for courses, Infosecurity Magazine reported.
University Fined For Breach
In May 2018, the University of Greenwich became the first university to be fined by the ICO under the Data Protection Act 1998.
The ICO fined the University of Greenwich £120,000 over the February 2016 breach.
The watchdog found the university had not had sufficient “technical and organisational measures” in place to ensure hackers could not access its systems.
In a statement regarding the fine, the University of Greenwich said it did not plan to appeal the fine, but would take advantage of a “prompt payment discount” that would lower the fine to £96,000.
The university added it has put a number of security measures in place since 2016.
The school said it had made “major investments” in its security technologies and architecture, hired internal experts to focus on information security, developed a rapid incident response plan and conducted daily vulnerability testing, among other things.
“Taken together,” the university said, “these important steps amount to an unprecedented overhaul of our data protection and security systems, and our stakeholders can have confidence in the enhanced measures we now have in place.”
“We take this extremely seriously, and would like to apologise again to those who may have been affected,” the university said.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.