A number of members of Imperial College Union (ICU) have had their personal data extracted from a Union database.

The breach, which occurred on the 8th of February 2018, affected 267 past and current members of Imperial College Union, who had a limited amount of personal data accessed. These data included their name, CID number, date of birth, gender, and academic details, among others. Not all individuals had all these data accessed.

ICU was only made aware of the break a week later, on the 15th of February. They informed ICT Security, and disabled the platform to allow the breach to be contained. A spokesperson for ICU said “preventative measures [have been] implemented to prevent such actions being repeated.” The Union were able to confirm that the attack did not come from within Imperial itself. They do not believe it was targeted at the Union, but rather was an automated attack that looked for vulnerable databases.

ICU informed Felix the breach was not serious enough to warrant notifying the Information Commissioner’s Office. In a statement, a Union representative said: “transparency and the trust of our members is important to Imperial College Union, so as soon as was practically possible, we have contacted the individuals involved to let them know.”

Later this year will see the enforcement of the General Data Protection Regulation (GDPR), which sets out more stringent guidance on data sharing, and increased sanctions for breaches.