Inquiry launched into data breach at CIT
Prospective students for the Bachelor of Arts course must include a portfolio of their work as part of the application process, and it is assessed and marked out of 600.
The names and addresses of each of the 137, who had been successful and selected to go to the next stage of the process, were also part of the email that was sent to all of 137 applicants.
The breach related to applicants for a course at CIT’s Crawford College of Art and Design which commences this autumn.
Each of the 137 were notified not only of their mark out of 600, but the mark of the other 136 as well.
The email that led to the breach was sent last month.
In a letter which arrived by post and email yesterday signed by Barry O’Connor, registrar for CIT, and Orla Flynn, head of Crawford College, details of the data breach were outlined and there was an apology.
In the letter, they say that “due to a technical error in the e-mail merge process, all students deemed eligible to go forward to the final selection process received a copy of each individual e-mail in the e-mail batch.
“Thus, each individual’s name, address, ID number and portfolio mark has been e-mailed to all 137 candidates who were deemed eligible to go forward to the final selection process.
“The institute and CIT CCAD sincerely apologise for this error and the Data Protection Commission has been notified in accordance with the Data Protection Acts 1988 and 2003.”
It also said CIT “regrets any upset or confusion this e-mail error may have caused you.”
The 137 applicants are also asked to delete the emails containing the data, because they had been sent in error and “also contain certain date inaccuracies.”
One woman whose son received an email said: “I am shocked and surprised that in this day and age something like this could happen. I am concerned about the details, particularly the addresses of the successful applicants being involved. It is a breach of confidentiality.
“It is also possible that some of the applicants, whose details are on the email, are actually under 18,” she added.
A spokesperson for the Data Protection Commission said that the letter of apology sent to candidates, as well as the request to delete the email in question, “are in line with our data security breach code of practice.”
In a statement yesterday, CIT said: “It has come to our attention that a number of CAO candidates who have applied to CIT Crawford College of Art and Design had some of their details shared inadvertently with other candidates. CIT regrets this occurrence.
“All the relevant people, including the affected candidates and the data commissioner, have been notified.
“CIT is currently taking steps to identify how this data breach occurred and to ensure it is not repeated.”
