University reports data breach in staff survey

There has been a leak in the data from the university’s staff survey. In the application used to view the results, a button was accidentally available that allowed all underlying data to be seen. Names and email addresses were never visible.

Managers had access to summaries of the data in the application PowerBI, but could mistakenly click through to individual, albeit anonymised, responses. The button has now been disabled but since there was a data breach, the university has reported it to the Dutch Data Protection Authority.

‘Extremely unfortunate’

On MyEUR, vice-chair of the Executive Board Ellen van Schoten called the incident ‘extremely unfortunate’. “We greatly appreciate that people completed the E&E-scan in confidence and it is painful that it appears data may have been visible. That is why colleagues from the departments involved are investigating how this could have happened and we will draw lessons so that in future we can work with this data application within the university in a secure way.” The results of the survey are still usable.

Staff have completed the survey in recent months, which includes questions about workload, safety in the workplace, career prospects and other work-related matters.