The Department of Computer Science has launched an investigation after confidential information about students was made publicly available online.
Minutes of Board of Studies meetings which included the names of students who had been granted Leaves of Absence were easily accessible via Google. In some cases, the minutes specified that students had left due to medical reasons.
The names of students who had been given formal warnings were also made available, with several students expressing concern over this information being visible to potential employers. The minutes also included details about students who had failed the 40 per cent requirement for first year and were therefore being asked to resit or leave the course.
One Computer Science student, who wished to remain anonymous, said that they were “shocked” by the situation, adding: “I’ve heard some of my friends found some pretty confidential info about them.” The student went on to say: “It’s interesting that they’re calling it a breach when in fact it’s just their lack of security meant Google was indexing all of their confidential meeting minutes for all to see.
“It’s more accidental dissemination than breach, which implies somebody broke through some kind of security, when in fact it was non-existent. Of all departments you think they’d have the knowledge to secure a website.
“I found some pretty interesting stuff just by searching my name – the entire year’s first year results, broke down by assignment, and some meeting minutes that were discussing who didn’t meet 40 per cent in their first year and were having to resit.”
The student added: “The most interesting find was a meeting where the NSS results were being discussed (we’ve slipped [down] the ranks quite significantly). I can’t imagine the department’s going to get scored better next year either after this gaffe.”
Another student told Nouse: “It’s worrying that they’ve made such a trivial mistake with extremely sensitive data.”
Staff are now investigating the extent to which individual privacy has been compromised and have assured students that measures have been put in place to avoid a similar situation happening in the future. The information is no longer available via Google.
Kieran McHugh, Second Year Course Rep for Computer Science, said: “Any disclosure of confidential information is a serious breach of security and I will be working with other course reps to ensure students are kept informed. I have every confidence that the department will learn from this issue and it will not be repeated.”
A spokesperson from the University of York told Nouse: “We apologise to all those who may have been affected by the breach, and will be contacting all those affected personally in due course.
“Students and staff should be assured that confidentiality of personal data is of paramount importance to the University and that lessons learned from this incident will be disseminated across the institution.”
The Computer Science department moved to a brand new, purpose-built building on the Heslington East campus in 2010. The department currently has 43 academic members of staff teaching over 300 undergraduates and 200 postgraduates, with 24/7 lab facilities.
The Research Excellence Framework results ranked York as the seventh best Computer Science department in the UK in 2014.