Data breach affecting a University system

Posted on 30 July 2019

A system containing student data at the University of York has been subject to a malicious data breach.

This resulted in the administrative records of 88 students being directly accessed, with the
perpetrator able to view some private information. There was no access to any financial information
or other sensitive data.

Very basic data on a further 4,400 students was also downloaded. This data was much less detailed
and contained basic information. Again, no financial or sensitive information was accessed.

We are not aware of any students being subject to further targeting, such as attempted fraud, as a
result of this data being accessed.

What happens now?

We are in the process of contacting the 88 students who had their records directly accessed to alert
them.

The matter has been reported to the Information Commissioner’s Office (ICO) and we are liaising
with the National Crime Agency regarding the breach.

Because this is an ongoing police investigation we will not be making any further comment at this
stage.

What should you do?

It is always important to be aware of the risks of data theft and misuse. If you have any concerns
about the security of your account or any messages that you receive (unexpected requests for
payment or your passwords), please contact the IT Support Office by email to itsupport@york.ac.uk.