Greenwich Uni Fined for Data Breach | Xuper | News

Greenwich University fined for data breach

The University of Greenwich has been fined £120,000 by the Information Commissioner following a serious data breach which involved the personal data of nearly 20,000 people.

The personal data of students, staff and alumni was uploaded onto a microsite for a training conference and was not secured or closed down. The data included names, addresses, dates of birth, phone numbers, signatures and around 3500 of these included sensitive data such as information on physical and mental health problems, staff sickness records, individual students’ study progress which included reasons why they had fallen behind, and copies of emails between them and staff.

In 2013 the data was compromised and the information, which had been published alongside committee meeting minutes, was posted elsewhere. The breach was discovered by a student who then brought the matter to the attention of the Information Commissioner Office (ICO) and the BBC.

In a statement, Greenwich University said it would not appeal against the decision and said it had carried out an unprecedented overhaul of it’s data protection and security systems since the discovery of the breach in 2016.



Under GDPR these fines could have been even worse. The GDPR is now only days away so it’s vital you have all the appropriate measures in place to keep personal data as secure as possible. Any data breaches under GDPR could potentially result in fines up to 4% of annual global turnover or €20 million (whichever is higher).

For more information around GDPR you can read our summary article here.



If you have any concerns around GDPR compliance or cyber security, you can speak to one of our experts on 01332 362 481 or


Research for this article: