The University of York, England has published a vast quantity of private student data on its website, detailing the personal details of some 17,000 students, including mobile phone numbers, dates of birth, and qualification grades from earlier education.
The breach, which occurred last week, has been reported to the UK data protection registrar, the Information Commissioner's Office (ICO). The university apologised for the breach of data and initiated a security review of the systems it has in place.
It is unclear whether this is was a result of a disgruntled employee or whether it was a genuine mistake on the part of the university.
Users of the website could access the records of all university staff, faculty members and registered students, totalling nearly 17,000 records. The page in question was not protected by a password wall, meaning anyone and everyone could access the leaked data.
But as a result of the breach, it also exposed a number of external third-party details such as emergency contacts and the names and numbers of family members.
The ICO has the power to fine organisations up to £500,000 ($800,000) and impose criminal sanctions on organisations or businesses which breach Europe's strict guidelines on data protection.
However, it was the university's own student-run newspaper which discovered the data breach in the first place.
The university was 'unavailable for comment' at the time.