The University of the Highlands and Islands was at the centre of a data breach after an administrator inadvertently revealed 132 email addresses.
UHI reported itself to the Information Commissioner’s Office (ICO) and an investigation has been launched after an email sent on Monday about evening classes showed every recipient’s email address.
>> Keep up to date with the latest news with The P&J newsletter
The member of staff failed to use the BCC field which conceals addresses – and to make matters worse, sent a second message to “recall” yesterday, again showing everyone’s address.
On Tuesday UHI’s data controller sent an email asking recipients to delete the original message, adding: “I would like to apologise for any inconvenience this error may cause.”
The data controller confirmed the incident is being recorded as a “personal data breach” and will be reported to the ICO within 72 hrs, “as required by law”.
One of those affected was the Press & Journal’s Susan Welsh, who said “It’s disappointing to hear the UHI is having IT problems again.”
Last year, she had tried to sign up for an Indian cookery course but failed because of an IT issue. She flagged up the problem and was told her name would be put on a waiting list or they would be in touch.
Ms Welsh said: “I heard nothing, so a few weeks ago contacted UHI again to see if they were planning to run a class this term, but received no response. Then on Monday, I received an email with details of this season’s evening classes along with everyone’s email addresses.”
A spokeswoman for Inverness College UHI said: “Inverness College UHI takes all matters of data protection and information security very seriously. We were very concerned to learn of this data breach and acted quickly to inform any customers that may have been affected
“The incident has been reported to the Information Commissioner’s Office. An investigation is underway to ensure that appropriate action is taken to prevent this happening again.”