Privacy has a price.
£6 per person.
The UK's Information Commissioner has slapped a £120,000 fine on the University of Greenwich after a security cockup by its computing and maths school compromised the data of almost 20,000 individuals. The incident occurred after an academic and a student from the then devolved department developed a microsite to facilitate a …
That seems about an order of magnitude or two more than most fines... per personal ID leaked!
In fact, it shows how leaking more customer data is cheaper than leaking less... if they'd protected half those accounts, it would now cost them £12 per person. But if they leaked twice as much, it brings the fine down to £3 each... ;)
seems to have no idea what websites it has running on it's network*.
Shocking, but not surprising I guess.
Just seems the bad actors were better at scanning for open port 80's than the internal team.
*I presume it was on a network under their control, not just a random one knocked up on a free hosting site.
They have loads..used to work there few years back
I know most of the guys still working there now. They'll be having a good old chuckle at this, it's a laugh and just annoying student data who cares is what they'll be thinking.
They'll be down the Trafalgar Tavern after work having a good old laugh about it....
Personal data lost, it's dreadful, no security, GDPR, should know better, yadda, yadda ... now on to the important bit.
That picture. It looks like the cheapest stock photo ever - no not the price that El Reg stumped up to use it - but the photographer / studio in setting it up. The gowns are made of such thin material I have to wonder if they came from Anne Summers' The Graduate Collection [*]
* No, I'm not going to search to see if such a thing really exists.
[icon: a proper coat ->]
wonder if the student responsible for the creation of the microsite can be traced ?
hopefully he / she isn't involved with anything remotely important, or at the very least the employer may want to know that they have on board a full blown boob in the field of infosec 101
hopefully he / she isn't involved with anything remotely important
Ok, a student made a silly mistake in 2000, years back, when data protection awareness was not really the thing it is today. Again, a student, aka somebody training to become an expert, made a mistake. I guess you are already all-knowing and never make any ?
An expert is a man who has made all the mistakes which can be made, in a narrow field.
I would not blame the student, but the university, because, well, that site should have been put to rest two decades ago, almost, when its purpose was fulfilled (the event was over).
I've worked in a couple of Uni's - Some have so many VM's, nobody really knows what most of them do anymore. They have PB's of stale data going back years that people are too scared to chuck away. Home areas full of downloaded junk that nobody cleans up.
Most Uni's have about 20 or so critical business applications, with maybe 200+ on their service portfoliio, yet they have thousands of VM's doing god knows what...