Three members of staff at the Glasgow-based Student Loans Company have been fired for computer misuse over the course of the last four years, new figures have revealed.

They are among 23 employees at the organisation – which administers loans for millions of current and ex-students across the UK – to be formally reprimanded for abusive and offensive online behaviours.

Disciplinary action was taken where staff had accessed private accounts of family members, shared content on Facebook linked to criminal activity and sent inappropriate content via work emails.

The figures, which date back to 2018, came to light in a Freedom of Information request by specialist legal firm Griffin Law.

They revealed that in 2021, seven employees have been punished for cases of computer misuse, including one where an employee has been suspended, pending investigation, for accessing their family or friend’s Student Finance accounts and another on a final written warning for the same offence.

Five cases this year resulted in punishment via ‘informal action’ – including two where inappropriate language was used in an email to a line manager, and two where employees were punished for inappropriately ‘liking’ a negative post on LinkedIn.

In 2020, there were two recorded punishments for computer misuse, including a summary dismissal where the perpetrator shared inappropriate and offensive material over Microsoft Teams. And in 2019, there were six punishments in total, including one dismissal for wrongfully accessing a personal, friend, or family member’s Student Loan account, and a resignation following excessive use of internet during work time (“amongst other allegations”).

In 2018, eight punishments were meted out including five relating to the social networking site Facebook, four of which were due to the use of ‘offensive’, ‘derogatory’ or ‘aggressive language’ ‘and/or images targeting colleagues’, which resulted in written or verbal warnings. In one case an employee was dismissed because they shared content via social media which linked a colleague to criminal activity, potentially ‘bringing the Company into disrepute’.

Cyber expert Torsten George, of Absolute Software, said: “Organisations like the Student Loans Company oversee some of the most sensitive data imaginable, including personal financial details, statements payments information of millions of people. The risk of SLC employees walking away with sensitive data or selling their access credentials has never been greater.”

With more employees now working remotely, organisations need to focus their efforts on managing ‘endpoint’ security vulnerabilities.

He said: “Under the current economic conditions, IT security professionals need to quickly re-assess their approach to defending against insider threats. Endpoints containing sensitive data pose a more serious risk. With more workers off-network and often struggling with reliable network connectivity, more information is being stored on local machines.”

An SLC spokesperson said: “At SLC we have robust policies and procedures in place to ensure that colleagues use technology appropriately, to identify instances of unacceptable behaviour and to take action when required. We employ over 3,000 colleagues and as the data rightly demonstrates there have been very few instances over the past four years where action was required.”  

The Student Loans Company recently announced the agreement of a 20-year lease with Drum Property Group for a new purpose-built office at Buchanan Wharf, Glasgow. As part of the agreement, SLC will work with the Government Property Agency to co-locate up to 600 civil servants to support the UK Government Hubs Programme.