BreachExchange mailing list archives
Password breach shuts online portal
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 23 Oct 2010 04:19:05 -0400
http://www.stthomastimesjournal.com/ArticleDisplay.aspx?e=2812735 The Internet passwords of more than 27,000 high school students in the Thames Valley District School Board were compromised Wednesday, forcing the board to shut down its online student portal. But the board believes the system, and information on students, is secure: the portal was taken down immediately after the breach was discovered. Around 4:25 p.m. Wednesday, a link was posted on a Facebook page directing visitors to a website on which the names and passwords of Thames Valley students were posted, Valerie Nielsen superintendent of operations and program services for the board confirmed Thursday afternoon. "Yesterday we received word there was a security breach regarding our student portal and, yes, that those passwords had been posted. We immediately shut down our student portal so that those passwords would be meaningless, that nobody could do anything with the student portal. "Our student portal is completely secure," she said. Nielsen wasn't able to say how, or why, the security attack occured, but London Police have been called in to investigate. Const. Dennis Rivest from London Police confirmed an investigation into the incident has begun, but he was unable to provide further information as the investigation was in its early stage. The board's student portal website allows secondary school students an online space to view their marks, courses and timetable. Nielsen said other personal information, such as home address or contact information, was not listed on the portal. The concern now is whether students use those same passwords for something else such as bank accounts or other sites such as Facebook. "If they use that same password, they should change that as soon as possible. Our main concern is our students and for the access and safety of their passwords," Nielson said. She did not provide an answer when asked why information about the security breach was not made public on Wednesday.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Password breach shuts online portal Jake Kouns (Oct 23)