Security Breach at NUI Galway

While on twitter last night I was alerted by @_Aella to a breach at NUI Galway.  According to the information posted on the college’s website they appear to have recently been advised that a file containing the contact details of students who registered or were pre-registered to the college in September 2008.  The statement goes on to say that the breach was dues to ” a security issue with the NUI Galway Clubs and Societies computer system.”

The information accessed, while it may be annoying to those impacted, is of relatively low threat to them.  It is their personal details such as their name, student ID, phone number and NUI Galway email address.  The college assures people that “no other personally identifiable information that you have supplied to the University was at risk.” and that “we encourage you to be aware of common text/ email scams that ask for personal or sensitive information.”

The issue has been reported to the Data Protection Commissioner under the Data Security Breach Code of Practise.  It will be interesting to hear will their be any additional details released as to how the breach occured and whether this was due to an external attack or due to lax internal security controls.