Main Stories

Student’s confidential data sent to hundreds of peers in UEA leak

A UEA lecturer has accidently sent private data about a student’s failed master’s dissertation to hundreds of students. The email, which was sent to all Environmental Sciences students (ENV), was addressed to the master’s student and included extensive and detailed feedback on the student’s dissertation. 

The lecturer emailed close to half an hour later asking ENV students to disregard and delete the email containing the data leak.

This is not the first time UEA has leaked students’ data. In 2016 UEA reported 16 data breaches, of which three were classed as “misdirected email with attachment containing sensitive data”. 

In early 2017 hundreds of American Studies students had personal data regarding extenuating circumstances leaked via email. The emails contained sensitive personal data that included student names, ID numbers and explicit information regarding the explanation for extenuating circumstances. In some cases this revealed students’ mental health, students who had been victims of crime and those who had undergone medical procedures. In that case the university referred itself to the Information Commissioner’s Office. However the regulator decided no action was needed.  

Later in the same year over 300 social science postgraduate students were sent an email containing personal information about a staff member’s health

UEA states on their website: “All staff working with personal data must, at minimum, complete the online data protection training module as soon as possible after commencement of their duties.”

On a separate webpage the university states:  “The fines that can be issued as a result of the data breach are very large, and organisations can also be fined for failing to notify the Information Commissioner that a breach has occurred.”

Following the latest data leak a university spokesperson said: “What was technically classed as a data breach occurred as a result of simple human error. A postgraduate student inadvertently emailed a student list for a School and an academic replied to all. The email was immediately recalled and an additional email sent to recipients to delete it. 

“Both the student and academic involved recognise this was simply human error and do not want or expect any further action.”

One ENV student who opened the email, who wished to remain anonymous, said: “I was quite shocked. It’s a horribly unfortunate situation for both the student and the lecturer and I felt sorry for both of them.”

They added: “I can only assume the mishap left both of them feeling terrible.”

Katherine Childs is a master’s student studying education, leadership and management. She said: “I can understand how easy it is to make a mistake when sending an email. However when sending such an important email I would have thought more care would have been made by the staff in ensuring the information goes to the correct student. 

“As a master’s student myself, my degree means a lot to me. Most people pursue a master’s course out of passion or to achieve a goal. 

“I would be extremely disheartened to find out I had failed and to add to the disappointment I would be mortified if all of my peers had access to this information. At the moment I am enjoying my master’s course a lot and it is shaping me as a professional, I would not want my results to be leaked in this way no matter what the outcome. 

“The response to this leak definitely depends on the individual, however I would seek compensation from the university.”

In response to the most recent data breach the university said: “Students and staff are reminded to be careful when using email, and to always check the recipient list before pressing send.”

Like Concrete on Facebook to stay up to date


About Author


Chris Matthews Bryan Mfhaladi and Samuel Woolford

May 2021
Latest Comments
About Us

The University of East Anglia’s official student newspaper. Concrete is in print and online.

If you would like to get in touch, email the Editor on Follow us at @ConcreteUEA.