We take the security of your personal data seriously and have strict systems in place to protect it.

Access to SDS and some other University systems was unfortunately restricted for a few weeks during the autumn term to plug a security vulnerability. Due to the actions we took, no personal data was lost or accessed when it shouldn’t have been.

The risk was related to a third-party tool used by many organisations, which enables users to log into online systems securely. A vulnerability in this tool was discovered by a University in Norway, and once informed, the University of Kent responded with appropriate measures.

The vulnerability would have made it possible for a hacker to impersonate you and gain access to your data in SDS. To prevent this we had to disable the ability to log in using a web browser until logging in could be made fully secure again.
Some staff who access SDS using software on their PC were able to support students with the limited access they had.

To re-secure access, we needed to significantly redevelop the login system very quickly. This required robust testing and validation to make sure it was secure; this was verified by a third party and meets the independently recognised security standards we adhere to at Kent. Our Cyber Essentials certification recognises the strict security standards we adhere to.

We know that students and staff rely on systems like SDS to be there at all times and so any access interruptions are taken extremely seriously and avoided as much as possible, especially during term time. Hopefully this article explains why, on this recent occasion, the interruption was necessary, and that we restored access as quickly as we possibly could.