NUI Galway has confirmed that it suffered a potential data breach after losing a USB stick containing “confidential” information of hundreds of students.
The unencrypted data storage drive contains personal information on up to 5 percent of NUI Galway’s 18,000 strong student body.
Information on the “presumed lost” USB drive could include the names, student ID numbers, and past exam results of roughly 900 students.
The university released a statement about the potential data breach on its website which states:
“NUI Galway recently suffered a potential breach of personal data whereby a non-encrypted portable device (USB stick) was potentially utilised to store a confidential file containing a list of students.
“The device was mislaid and is now presumed lost. While the University is unclear on the contents of the portable device, it may have held a file containing names of approximately 5% of the student body, their student number and exam results.”
NUI Galway went on to say that the incident has been reported to the Office of the Irish Data Protection Commissioner who has since responded with guidance.
All students who might have had their private information leaked in their incident have been contacted by email to alert them to the situation according to a university spokesperson.
“The University Data Protection Officer has considered the matter in the context of the requirements of the Data Protection Acts 1988-2018. All students who may have been impacted have been notified.”
It’s understood that a review will be undertaken of the how the information came to be misplaced “to ensure that such an incident does not occur again.”
“The University has strict policies in place relating to the use of portable devices, in addition to a staff data protection training programme and online security training.”