Saturday, April 20, 2019
  • The American Data Dissemination Act (FTC-ADDA)
  • Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
  • Why Do I Need AD?
  • XKCD, ‘Wanna See the Code?’
  • A Battle-Cry for Oracle EBS Security

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security SBN News Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Data Security » Greenwich University Fined £120,000 by ICO for “Serious” Security Breach

Greenwich University Fined £120,000 by ICO for “Serious” Security Breach

by David Bisson on May 22, 2018

The Information Commissioner’s Office (ICO) fined the University of Greenwich £120,000 for a “serious” security breach of personal data.

On 21 May, the United Kingdom’s Information Commissioner announced the fine. It’s the first time the ICO has levied such a penalty against a university under the Data Protection Act 1998.

According to the ICO’s report on the matter, the trouble started in 2013 when someone compromised a microsite created nine years previously on the web server of Greenwich University’s Computing and Mathematics School. Multiple attackers then leveraged SQL injection against the microsite to upload PHP exploits. These malicious actions enabled the attackers to access other parts of the web server, including databases which contained the personal information for 19,500 staff, faculty, students and other subjects.

A bad actor subsequently exfiltrated that data and published in on Pastebin.

The University of Greenwich eventually learned of the breach in June 2016 following additional compromises of the microsite in April and May of that year.

Steve Eckersley, head of enforcement at the ICO, said the fine reflects the University’s failure to properly secure the information of all its data subjects. As quoted in a statement for the Information Commissioner:

Whilst the microsite was developed in one of the University’s departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution. Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.

The University released its own statement in response to news of the fine. In it, school officials explained how the University invested in new security (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/greenwich-university-fined-120000-by-ico-for-serious-security-breach/

May 22, 2018May 22, 2018 David Bisson Breach, data, ICO, Latest Security News
  • ← How does GDPR impact open source security expectations?
  • Native Structured Query Language →
Featured Blog

Ellen Neveux

What is privileged access management (PAM)?

SecureLink

Proposed Texas Bill Would Regulate Vendor Contracts

Ellen Neveux

SecureLink named a March 2019 Gartner Peer Insights Customers’ Choice for Privileged Access Management

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Microsoft Cloud Breach: Hackers Read Your Email for 90 Days
Russia Imprisoning Sources Associated With U.S. Election Meddling
ERM: Understanding the State of Cybersecurity and Risk
Take Back Control of Your Apps and Data With Cloud Monitoring
With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts
The 4 Deadly Technology Sins of a Small Business
Why Every Leadership Meeting Should Include a Cybersecurity Update
Converged Infrastructure: The Cyber Security Stakes are Higher than Ever
Why Ransomware Continues to Be an Immensely Profitable Business for Bad Actors
Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Upcoming Webinars

There are no upcoming webinars at this time.

Download Free eBook

7 Reasons Why CISOs Should Care About DevSecOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Information Security is a Fundamentals Game
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Information Security is a Fundamentals Game

April 18, 2019 Paul Ziegler | 2 days ago 0
ERM: Understanding the State of Cybersecurity and Risk
Cybersecurity Incident Response Industry Spotlight Network Security Security Boulevard (Original) 

ERM: Understanding the State of Cybersecurity and Risk

April 17, 2019 Dustin Owens | 3 days ago 0
Take Back Control of Your Apps and Data With Cloud Monitoring
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

Take Back Control of Your Apps and Data With Cloud Monitoring

April 16, 2019 Mike Mason | 4 days ago 0

Top Stories

News 

Capsule8 Supports Google Cloud Security Command Center with Security Partner Integration

April 18, 2019 Deb Schalm | 1 day ago 0
With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts
Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight 

With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts

April 18, 2019 Richi Jennings | 1 day ago 0
News 

Meta Networks Recognized by 451 Research for Zero-Trust Software Defined Perimeter

April 16, 2019 Deb Schalm | 3 days ago 0

Security Humor

via  the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, ‘Wanna See the Code?’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.