Police are investigating a data breach at the University of South Wales right in the middle of its exam period.
Though the breach is said to be "limited" it has been passed onto the South Wales Police who are understood to be investigating what has been done with the data.
"The University of South Wales has referred a limited data breach to South Wales Police," a spokesperson from the university said. "We have taken immediate action to secure the University's systems to ensure that there are no further breaches."
The University, which has campuses in Cardiff, Newport and Pontypridd and over 30,000 students, has taken down its student record system, according to Wales Online. The breach happened on Wednesday and one member of the university said that passwords to all staff accounts were later wiped.
IT Pro has contacted both the South Wales Police and the ICO for confirmation of the breach, as yet the university hasn't informed the latter of the 'limited' incident.
Under the GDPR, its the responsibility of the organisation breached as to whether or not it should be reported. Given that the breach happened on Wednesday, South Wales University is still within the 72-hour timeframe for reporting to the ICO.
In February it was revealed that nearly 60,000 data breaches were reported since the GDPR legislation came into force in May 2018. The breach reports came from a wide range of companies and organisations highlighting the scope for hackers to steal sensitive information.
This is not the first time a university has suffered sensitive data breaches. In 2017, information collected by The Times suggested that UK universities were letting through hundreds of cyber attacks a year, with hackers landing 1,152 attacks.
