The incident occurred when two automated emails were sent out over the weekend of 17-18 May to users of the university’s online recruitment system. Some of them included not only details of jobs advertised since November 2013 but information – including dates of birth, telephone numbers and home addresses – about the people who applied for them.
Once it realised what had happened, the university wrote to all those affected, explaining that “each email contained a file attachment with information which was intended for internal purposes only, and was generated and sent in error. When the University became aware of the automated messages, it sought to block the emails and the system was disconnected.” It also asked those concerned to “delete the message(s) without reading or forwarding”.
In an online list of frequently asked questions relating to the incident, the university acknowledged that they “don’t yet have an indication as to how many people opened the files and read the contents”, though their large, difficult-to-open format led them to believe that “few people will have opened the files”.
Asked to comment, a spokesman for the university said that they took the situation “extremely seriously” and offered “unreserved apologies”.
To minimise any damage caused, they had “immediately disconnected the system and began working to identify the individuals who may have been affected. We have also taken the precautionary step of notifying the Information Commissioner that we are completing an investigation as a matter of urgency. We are working with our software provider to ensure that this situation cannot happen again.”