UK uni KCL spunks IT budget on 'reputation management' after IT disaster headlines

Exclusive While front-line techies at King's College London have been slaving away to solve the problems of last October's IT disaster, their embarrassed superiors have been dipping into the IT budget to “reputation manage” the incident.

Last October, a one-fault-tolerant RAID array running the entirety of the UK university's IT estate imploded, taking out everything from payroll to shared drive access. As the smoke began to clear over the subsequent fortnight, departments across the university were left facing “irretrievable data loss” including of archived research material as well as original data.

As grunts committed themselves to aiding the restoration process — which has included forensic recovery work, new software purchases and the laborious process of recapturing previously digitised information where only paper copies remained — their bosses brought in reputation management business RiskEye, which set about trying to expunge news of the incident from the web.

After The Register declined to remove its coverage, we filed a request to the public university under the Freedom of Information Act to find out how much it had spent on RiskEye's services.

We were informed that the firm was paid £1,000, and that the funds for the handful of phone calls and the single email sent to us, had been sourced from the existing IT budget.

Biting the hand

Although the IT staff's efforts in remediating the catastrophe has won them universal praise at the university, the department has a wall of credibility to rebuild.

There was, and remains, much distrust in the new system at KCL, provoking the department to ask staff to not save work independently of the university system when it first went live. Fortunately, end-user management seems to be improving, with the IT department now providing approved devices for that explicit purpose, with firmware-based, whole device encryption employed on removable media to answer previous concerns regarding information security.

Of course, complete belief in KCL's capability to house researchers' work without losing it won't be regained without a truth and reconciliation process. While KCL has continued to offer prayers and counselling to affected members of staff, to those ends it has also appointed PA Consulting Group to do an external review, which is due to be published this month.

The consultancy will undoubtedly be bringing plenty of domain expertise to the incident having previously lost the personal details of the entire UK prison population in 2008, and subsequently its contract with the Home Office. As recently as 2014, it also managed to ignite the ire of Health Select Committee member Sarah Wollaston MP, after uploading NHS data to Google's cloud.

The Register understands than an early response to a draft of the report stressed that it needed to be “couched in much stronger language”, which our sources have angrily stressed must include technical details of the failure, for which nobody has yet been blamed.

KCL did not respond to The Register's enquiry of whether this report would be made public when asked. We will update this article if we receive a response. ®

Get in touch

While the opportunity for official communications from the institution remains open, if you work at KCL and have been affected by the October incident and aren't being spoken for, we welcome you to contact The Register here, which would be best done using a non-university email return address.