The University of Warwick, one of UK’s leading universities, is currently facing backlash following reports of a breach cover-up that happened in 2019. According to Sky News, the university had been targeted by hackers last year, but details of the incident have not been passed on to students and staff that were potentially affected by the breach.
“Hackers accessed the University of Warwick’s administrative network last year in an attack which has been kept secret from the affected individuals and organisations,” Sky News revealed.
According to the news outlet, the incident happened after a staff member installed remote-viewing software, which had been exploited by hackers to access the school’s network and steal personal information of students, staff, and volunteers engaging in research studies.
“Because cyber security protections at the university were so poor, as per the findings of an internal report revealed by Sky News earlier this month, it was impossible for the university to identify what data had been stolen,” the report added.
In March this year, the Information Commissioner’s Office (ICO) carried out a data protection audit of Warwick University, leading to the discovery of multiple flaws in the university’s security system.
“Our findings suggest that there are insufficient cyber security measures in place to adequately protect IT systems and data,” the auditors wrote in their report.
As a result, the UK’s data protection watchdog recommended over 60 ways on how the university could secure personal data in its system, 15 of which is identified as urgent.
In a follow-up meeting, the regulator also recommended that Rachel Sandby-Thomas, Warwick’s registrar and executive lead for data protection, be removed as chair of the university’s data protection privacy group (DPPG) and be replaced by someone with data protection expertise.
“The registrar fully agreed with the report’s finding that we should give those areas of responsibility to someone with a specialist skill set and experience,” the University told Sky News in response to the ICO’s recommendation.
“As previous structures clearly did not deliver all the change and improvements we had sought in this area, it is no surprise that we also sought to change and improve these structures.”
“We have therefore introduced two new committees to provide enhanced oversight and advice which bring in a wealth of talent including one of Europe’s leading cyber security professors.”
To date, the committee, which Sandby-Thomas had chaired, has already been disbanded by the registrar, and new chief information and a digital officer has also been hired.