A clerical error at the Brock University library resulted in secure student information being leaked to the university’s public website, according to an open letter sent out earlier this month.
In the letter, Murray Knuttila, Brock’s provost and vice-president (academic), explained that a library employee accidentally uploaded a file containing the university’s student names, ID numbers, phone numbers and mailing and e-mail addresses to the Brock website.
Although the incident was traced to Dec. 22, the leak was not discovered until Jan. 28, when a Brock student discovered his private information freely available online after performing a Google search on his name.
Though the student information file was secured with password protection, preventing any further perusing of private data, university staff nonetheless swiftly deleted the file from the website.
Knuttila went on to say that “immediate steps were taken to reduce the risk of recurrences. Brock University is committed to the highest level of security of student information and the protection of privacy,” though he suggested that students “regularly change their passwords for security purposes.
Kevin Cavanagh, Brock’s associated director of communications and public affairs said the
incident was due to human error.
“Let’s be clear: the mistake was the organization’s not the individual’s. It shouldn’t have happened, our processes shouldn’t have put this person in the position where it could have happened in the first place,” he said.
Cavanagh said the university will be hiring an independent consultant to review the entire organization so to ensure that no further secure information could be uploaded to a publicly accessible venue, accidental or otherwise. Furthermore, Brock’s communication system will be audited.
Cavanagh said the university needs added checks and balances to prevent data leaks from reoccurring in the future.