It has been found that third level student’s personal data is at high risk of being breached. Universities and ITs have an especially high risk of data leaks due to the sheer volume of personal data the institutes must process each year. The prevention of data breaches can be a difficult issue for institutions to manage due to the large volume of staff to train, and numerous network systems that have to be secured.

Student information stored on systems in universities can be of a sensitive nature such as PPSN numbers, along with banking details make this information highly valuable to criminals. And, because of this, hackers are deliberately targeting educational institutes worldwide.

83% of data breaches happen by unauthorised disclosure of people’s personal information. In the majority of cases, this disclosure is accidental — for example, someone emails information to an incorrect recipient, or documents get mislaid.

In other cases of data breaches, information may get leaked because of deliberate theft. This could be the result of a laptop being stolen, or files taken, or a cybersecurity attack. Disclosures such as these are becoming increasingly common. 

Three major breaches of student’s data in Ireland:

Since the GDPR regulation came into force on the 25th of May 2018, there have been three significant data breaches of student information:

Aug 2018, it was identified that there was a serious flaw in the Student Leap Card system (The student discount travel card). This error allowed college agents to view students personal information such as phone numbers, email address, home address etc.

November 2018, NUI Galway confirmed that the institute suffered a data breach when a USB stick went missing. The stick contained confidential information of 100s of students. It is thought that the USB contained names of around 5% of the student body, their student numbers and exam results. 

October 2019, The Institute of Technology Tralee apologised for a data leak. The breach involved an Excel document that contained personal information of several hundred students. The document was accidentally sent out in an informational email, to a group of students participating in the ITs graduation ceremony. 

Institutions must take steps to help prevent a data breach from occurring, major breaches are a costly and serious issue for universities. When a breach occurs the University or IT must notify all potentially affected students and that the incident must be reported to the Data Protection Commissioner.


In contentious business, a solicitor may not calculate fees or other charges as a percentage or
a proportion of any award or settlement