Oxford University recently revealed names of nearly 500 students who are beneficiaries of the Moritz-Heyman Scholarship Programme which is aimed at helping students suffering from financial hardship.
Oxford University have apologised for the ‘inadvertent’ blunder and have said that they take data security “very seriously”.
Oxford University recently sent out an email about career opportunities to students who are beneficiaries of the Moritz-Heyman Scholarship Programme. The scholarship programme covers living costs, tuition fees and access to internships for scholars who are suffering from financial hardship and cannot fund their education and related expenses on their own.
Even though the email did not contain any personal information or financial details about scholars who are beneficiaries of the programme, those who sent the email copied email addresses of nearly 500 students as ‘cc’ instead of ‘bcc’. Because of this blunder, recipients were able to view email addresses of all other students who were beneficiaries of the hardship bursary.
“A recent email about career opportunities, sent to current Moritz-Heyman scholars, inadvertently copied in students as ‘CC’, as opposed to ‘BCC’ as had been intended,” said an Oxford University spokesperson.
“This allowed recipients to see the Oxford email addresses of all other recipients. No other personal details were included in the email and no third parties were involved. The students involved received an apology as soon as we became aware of the error,” the spokesperson added.
Despite the University’s apology, the damage had already been done. According to The Telegraph, a second-year student said that recipients were astounded after witnessing the leak and that information leaked by Oxford University was private information that was entrusted by the students with the University.
The leak reminds us of a similar incident in June when the University of East Anglia mistakenly shared personal and sensitive details about certain students with hundreds of others via an e-mail. Information shared with the recipients contained details about health problems, personal issues and family bereavements of as many as 42 students. These students had sought extensions and other academic concessions based on such circumstances.
The UEA Students’ Union termed the incident ‘a shocking and utterly unacceptable data breach that should never have happened.’
‘This incident reinforces the need for “data aware” security technologies in the education sector. This helps protect data at source, removing the risk factor associated with human error and insider threats,’ said Thomas Fischer, Global Security Advocate at Digital Guardian.
‘Universities have a duty of care to their students and must better prioritise data protection so that mistakes like this don’t happen again,’ he added.