Data protection watchdog the Information Commissioner's Office has rebuked the University of York after it accidentally exposed the details of thousands of students on an official web site.
The information, which included names, dates of birth, A-level results, mobile numbers and addresses, was posted to the university's site for over a year before being noticed, meaning that 148 records were accessed inappropriately, the ICO said.
ICO director of operations Sharon Entwisle warned that the case highlighted the need for proper security checks.
"This breach could have been avoided if the university had properly assessed the risks that this work posed to the security of their students' details," she said.
"They also failed to test the security of their IT system once the work was complete, leading to an unnecessary delay in the error being corrected."
The ICO decided not to fine the university given that the details exposed were unlikely to cause "substantial damage or distress" to the students, said Entwisle.
University of York vice chancellor Brian Cantor has signed an undertaking with the ICO to improve data security, including annual testing on certain parts of the university's IT systems.
The ICO is also launching an awareness raising campaign on information rights specifically for students.
The 2011 Student Brand Ambassador campaign will promote best practice on data security as well as educating young people about how they can exercise their rights under the Data Protection Act.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago