Warwick Students' Union configuration error leaks thousands of students' personal data
Learn More
Warwick Students' Union exposed the personal information of thousands of students from August 2-4, 2025.
The incident occurred when planned system changes perfromed by Warwick SU staff inadvertently granted all society members 'President' permissions on the SU's webpage, providing access to membership lists and finance request history. During the 36-hour exposure window, 13 societies had confidential information accessed by nine individuals. The exposed data sets include societies that support marginalized communities such as Warwick Pride, Autism at Warwick, and Warwick Enable. The breach also affected Warwick Student Cinema, described as one of the campus's largest societies by membership.
The exposed data includes:
- Personal data of thousands of students
- Home addresses
- Complete membership lists for affected societies
- Finance request history spanning the previous six years
- Bank details and billing addresses submitted through finance requests
- Names of hundreds of society members
- Historical financial documentation including receipts, invoices, and potentially screenshots from banking accounts
The number of affected individuals is not disclosed. SU claims that steps were being taken to correct user permissions and prevent similar incidents.
Warwick Pride, one of the affected societies, stated this "isn't the first data breach Warwick Pride has faced" and noted that "last year, the SU outed the identities of our Exec, and previously, the SU has stored information on students based on their legal names, not their preferred ones."
Members of affected societies received email notifications on Friday 8th of August informing them of the leak, and the SU directed concerned students to the Advice Centre for further guidance.
