The University of Greenwich has admitted that hundreds of students' names, addresses, signatures, dates of birth and mobile phone numbers were uploaded to its public website, making them discoverable via a Google search.
The posting of the details, all belonging to research students, was reported to the BBC by one of the affected students.
The university has since removed the details, and the institution's secretary, Louise Nadal, has apologised for the mistake.
"I am very sorry that personal information about a number of postgraduate research students has been accessible on the university website," she said.
"This was a serious, unprecedented error, in breach of our own policies and procedures. The material has now been removed."
Nadal explained that the university is "acting urgently to identify those affected" and that each person will be contacted individually "to apologise and to offer the support of the university".
"At the same time, I am also conducting an investigation into what went wrong. This will form part of a robust review to make sure that this cannot happen again. The findings and recommendations of the review will be published," she added.
The statement also said that the University of Greenwich is "co-operating fully" with the ICO, which offered the following statement this morning via a spokesperson: "We are aware of an incident at Greenwich University and are making enquiries."
Michael Hack, senior VP of EMEA operations at file transfer firm Ipswitch, said that institutions like the University of Greenwich must watch their backs as new EU regulations seek to clamp down on lax data protection.
"This type of breach will be penalised by even more severe financial penalties than are currently in place. It is clear that, in this case, there has been a breakdown in policy or procedure - quite likely both," he said.
To hear more about security challenges, the threats they pose and how to combat them make sure you sign-up for the Computing Enterprise Security and Risk Management conference on 24 November.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software