Thursday, February 9, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • The Dark Detectives: How to Defeat Reconnaissance-as-a-Service
  • Gamifying Security
  • Super Bowl Cybersecurity: Safeguarding Your Viral Moment
  • Why Secure Email Gateways Can Fall Short and How to Overcome Them
  • 4 Insights Into the State of Threat Detection and Response
Data Security SBN News Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Data Security » Greenwich University Fined £120,000 by ICO for “Serious” Security Breach

SBN

Greenwich University Fined £120,000 by ICO for “Serious” Security Breach

by David Bisson on May 22, 2018

The Information Commissioner’s Office (ICO) fined the University of Greenwich £120,000 for a “serious” security breach of personal data.

TechStrong Con 2023Sponsorships Available

On 21 May, the United Kingdom’s Information Commissioner announced the fine. It’s the first time the ICO has levied such a penalty against a university under the Data Protection Act 1998.

According to the ICO’s report on the matter, the trouble started in 2013 when someone compromised a microsite created nine years previously on the web server of Greenwich University’s Computing and Mathematics School. Multiple attackers then leveraged SQL injection against the microsite to upload PHP exploits. These malicious actions enabled the attackers to access other parts of the web server, including databases which contained the personal information for 19,500 staff, faculty, students and other subjects.

A bad actor subsequently exfiltrated that data and published in on Pastebin.

The University of Greenwich eventually learned of the breach in June 2016 following additional compromises of the microsite in April and May of that year.

Steve Eckersley, head of enforcement at the ICO, said the fine reflects the University’s failure to properly secure the information of all its data subjects. As quoted in a statement for the Information Commissioner:

Whilst the microsite was developed in one of the University’s departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution. Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.

The University released its own statement in response to news of the fine. In it, school officials explained how the University invested in new security (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/greenwich-university-fined-120000-by-ico-for-serious-security-breach/

May 22, 2018May 22, 2018 David Bisson Breach, data, ICO, Latest Security News
  • ← Cast your vote for Hotforsecurity at the European Security Bloggers Awards
  • Native Structured Query Language →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42
6clicks Taps GPT-3 to Automate Writing of GRC Controls
ChatGPT-Written Malware Will Change the Threat Landscape
Third-Party Breaches Impact Vast Majority of Organizations
Hunter Biden’s Laptop Revisited: What it Means for Cloud Storage
GUEST ESSAY: The common thread between China’s spy balloons and Congress banning Tik Tok
Let’s Talk About the Upside of Quantum Computing
Finland’s Most-Wanted Hacker Nabbed in France
Multi-Tenant Data Security for Databases with Record-Level Encryption
Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Upcoming Webinars

Mon 13

AI in Machine Learning

February 13 @ 1:00 pm - 2:00 pm
Wed 15

Understanding Cyber Insurance Identity Security Requirements for 2023

February 15 @ 11:00 am - 12:00 pm
Wed 15

Where Will DevSecOps ‘Shift’ Next?

February 15 @ 1:00 pm - 2:00 pm
Tue 21

Headwinds, Crosswinds and Tailwinds: Securing the Cloud in Turbulent Times

February 21 @ 1:00 pm - 2:00 pm
Wed 22

3 Steps to Software Supply Chain Security Success in 2023

February 22 @ 1:00 pm - 2:00 pm
Tue 28

SaaS-Based Container Networking and Security on Amazon EKS

February 28 @ 11:00 am - 12:00 pm
Mar 20

Software Supply Chain Security

March 20 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Humor Identity & Access Incident Response Industry Spotlight IOT IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology

February 3, 2023 Richi Jennings | Feb 03 0
‘Finish Him!’ US Kills Huawei With Final Tech Ban
AI and Machine Learning in Security AI and ML in Security Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Industry Spotlight IOT IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Finish Him!’ US Kills Huawei With Final Tech Ban

February 1, 2023 Richi Jennings | Feb 01 0
US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

January 23, 2023 Richi Jennings | Jan 23 0

Top Stories

6clicks Taps GPT-3 to Automate Writing of GRC Controls
Cybersecurity Featured Governance, Risk & Compliance News Security Awareness Security Boulevard (Original) Spotlight 

6clicks Taps GPT-3 to Automate Writing of GRC Controls

February 8, 2023 Michael Vizard | Yesterday 0
Splunk: Cybercriminals Use These Types of TTPs
Cybersecurity Featured Incident Response Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

Splunk: Cybercriminals Use These Types of TTPs

February 7, 2023 Michael Vizard | 1 day ago 0
Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

February 6, 2023 Richi Jennings | 2 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Electron Color’

Randall Munroe’s XKCD ‘Electron Color’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.

Logging, Management and Analytics

Step 1 of 4

25%
Currently, our log management solution is:
Currently, our log management solution is:
We use log management to help us understand:
As we move to the cloud, logs become:
This field is for validation purposes and should be left unchanged.