The personal details of over 350 University of Limerick students were released in an accidental data breach earlier last month.
A “human error” caused the leak of the bank account details and PPS numbers of residents in the university’s Kilmurry Student Village, a spokesperson confirmed.
An email with an attachment containing the bank account details, including IBAN numbers, sort codes and BIC numbers, of 363 residents was sent to a student on February 6 this year.
The student who received the email later passed it on to a family member.
The mistake was discovered by the subsidiary company that manages the student village three days later.
The Data Protection Commissioner was notified of the data breach upon its discovery and said an “investigation is ongoing and UL is reviewing its procedures to ensure compliance with its data protection obligations.”
A spokesperson for UL told the Limerick Leader that the breach was “fully contained”.
“Campus Life Services worked with the student who received the information in error, and with the parents of that student, to ensure the data breach was fully contained and that all emails and attachments have since been deleted,” she said.
“Apart from the inconvenience caused to those who were affected there was no adverse consequence to the incident,” the spokesperson added.
This is the second data breach in UL this academic year after information relating to students’ grant applications were displayed on its website last December.
The bank account details and household incomes of seven students applying for assistance funds could be seen for one weekend before the error was caught.
The university also suffered a lengthy delay in January in issuing exam results to over 12,000 students after it carried out “a review of its student information systems”.
Image Credit: Letcheck Ireland