BreachExchange mailing list archives

Password breach shuts online portal


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 23 Oct 2010 04:19:05 -0400

http://www.stthomastimesjournal.com/ArticleDisplay.aspx?e=2812735

The Internet passwords of more than 27,000 high school students in the
Thames Valley District School Board were compromised Wednesday, forcing the
board to shut down its online student portal.

But the board believes the system, and information on students, is secure:
the portal was taken down immediately after the breach was discovered.

Around 4:25 p.m. Wednesday, a link was posted on a Facebook page directing
visitors to a website on which the names and passwords of Thames Valley
students were posted, Valerie Nielsen, superintendent of operations and
program services for the board, confirmed Thursday afternoon.

"Yesterday we received word there was a security breach regarding our
student portal and, yes, that those passwords had been posted. We
immediately shut down our student portal so that those passwords would be
meaningless, that nobody could do anything with the student portal.

"Our student portal is completely secure," she said.

Nielsen wasn't able to say how, or why, the security attack occurred, but
London Police have been called in to investigate.

Const. Dennis Rivest from London Police confirmed an investigation into the
incident has begun, but he was unable to provide further information as the
investigation was in its early stage.

The board's student portal website allows secondary school students an
online space to view their marks, courses and timetable. Nielsen said other
personal information, such as home address or contact information, was not
listed on the portal.

The concern now is whether students use those same passwords for something
else such as bank accounts or other sites such as Facebook.

"If they use that same password, they should change that as soon as
possible. Our main concern is our students and for the access and safety of
their passwords," Nielsen said.

She did not provide an answer when asked why information about the security
breach was not made public on Wednesday.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
