Student data breach at the Warsaw University of Life Sciences

21.09.2020

Back to news

BYOD might face some critics, as usage of personal devices led to a data breach at the Warsaw University of Life Sciences.

About 100 students got their personal data compromised as it was stored on an employee’s personal device. The exposure is likely because the device was stolen.

The personal data of students was leaked almost a year ago, in November 2019. The Polish National Personal Data Protection Office exacted a penalty from the university under GDPR. The institution has been said to pay a $13,000 fine this week due to non-compliance.

The university claimed it didn’t know that the employee processed students’ sensitive information on a gadget which wasn’t authorised by the institution and fully acknowledges the breach of the confidentiality principle. Although, the university violated the GDPR rules as well, which became clear after the exceeding of storage limitation was discovered – students’ details have been stored by the university for five years which goes against the European regulation.