Thousands of student emails exchanged in data breach

Thousands of student emails exchanged in data breach

Summary: The Student Loans Company, UK, has come under fire after releasing thousands of student email addresses.

SHARE:
TOPICS: Collaboration
2

The Student Loans Company in England is responsible for thousands of government-sponsored loans for students who are either entering higher education or already in the system every year. Due to a human rather than system failure, thousands of email addresses have been inadvertently released in to the public domain.

This week, over 8,000 students who are due to begin university this academic year were sent email reminders to complete and submit their application forms for loans and grant payments. If they had begun their application but had not completed it online, then the email was sent by the SLC as a standard reminder.

However, the SLC staff that were in control of this process inadvertently included an attachment that contained the emails of every recipient -- which was then received by each of the 8,000 to-be students.

In a following statement, the Student Loans Company apologized for the error, stating:

"The information was sent in error and only included email addresses, no other personal student data was shared […] The integrity and security of student accounts and the protection of personal information is vital to us, and we apologise to all of the students involved."

The agency has been in touch with all of the students involved in the blunder.

This kind of mistake fortunately only included the email addresses of the students, but it does serve as a reminder of how only one small human error can result in a serious data protection breach.

One student contacted the BBC and said:

"This is such a disgusting error in the security of students' data. They can't get away with it."

On occasion, many firms suffer security breaches due to human mistakes, system disruption or deliberate hacking by third parties. However, it is necessary to both train and remind staff within these organisations that one small mistake can have catastrophic consequences – not only for the individuals involved, but for the firm itself.

The flow and exchange of data online is difficult to control. To someone who specializes in fraud aimed at students, that attachment, even though it only contains email addresses, can be considered a goldmine – putting the students involved at a higher risk of attempted fraud.

The Student Loans Company has often come under fire -- especially at the time in which students begin a new academic year and loans faces constant delays. In 2010 the government-owned agency was criticised for overcharging students on loans.

Related:

Topic: Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Easily Avoided

    Forget training staff etc....

    Human error can easily be avoided with DRM technology for such spreadsheets such as Microsoft IRM or AD RM / SharePoint,

    Even none Microsoft routes such as PGP etc....

    This can be prevented at a technical level..... Worst case an encrypted spreadsheet is emailed out but can't be read.

    No excuse for this kind of incomptitence!

    Not blaming the sender, as we are all human and everyone makes mistakes, but IT and Governance should have prevented this!
    dmd83
  • How long before one of those students

    sells that email list to a third party, say a bank or something, to cover their own student loan?
    John Zern