Data Breach at University of Sydney
University of Sydney is the Another victim of Data Breach
A security flaw in managing web data caused another data breach and this time the victim is University of Sydney. In this data breach the detailed records of the thousands of University students were leaked. The past and present student’s vulnerable data were stored online where they could be easily accessible and down-loadable. The lost record of the students contained student full name, home address, email address as well as the courses they studied and the cost of that course.
A security expert said that it took less than five minutes to access the records of around 55 students. To access the any student’s information you need only that student’s ID number, but just by entering the numbers in the internet browser’s address bar brings students’ private information randomly.
New South Wales Investigation Report
New South Wales is Australia’s most populous state and located in the south east of the country. The office of NSW Privacy Commissioner is investigating this data breach incident. NSW acting privacy commissioner, John McAteer said in a statement that judging from the information; it appeared the university might have violated section 12(c) of the NSW Privacy and Personal Information Protection Act 1998.
According to this act, “a public sector agency that holds personal information must ensure that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse”.
Vice-chancellor Sent Email to Inform the Students
This website was made aware of the breach after it revealed that the website of University of Sydney was sabotaged and altered by a hacker. After this website informed the University of the Breach, it blocked the access to the vulnerable part of the website.
The vice-chancellor and principal Michael Spence, sent an email related to data breach to all students. In the mail he said that unfortunately a malicious hacker managed to access the university’s home page and some high level corporate web pages, last week. So the university had engaged two of Australia’s leading web security organizations to investigate this matter.
Law enforcement authorities were not informed about Breach
A spokesperson said that the incident had not yet been reported to any law enforcement authority. According to newspaper information, the university was told about this security threat in February 2007, but did not take any action to secure the information.
Michael Spence, declined to comment on the possibility of an earlier report, but said that he was “appalled to be notified that some records could be accessed in this manner”. He said that the university would take action immediately to close it.
As threats of data security are growing nowadays, it must for the organizations to do proactive assessment and mitigation of threats. By taking the proper measures and by using the data encryption software companies can secure their customers confidential data. It’s crucial for the organizations to safeguard websites from the security breaches.
How Alertsec Xpress Would Have Helped
To stay secure, and protect your data from breach incidents, it is vital to use a data security/recovery software. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.