Security Breaches Expose Thousands of Hong Kong Students' Personal Data

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.esecurityplanet.com/network-security/security-breaches-expose-thousands-of-hong-kong-students-personal-data.html

Hong Kong's Office of the Privacy Commissioner for Personal Data
(PCPD) recently announced that the personal information of as many as
8,505 students at several different schools has inadvertently been
exposed online.

"The breach involved two primary, seven secondary and two tertiary
institutions," writes The South China Morning Post's Phila Siu. "Data
from the nine schools included names, e-mail addresses, student
reference numbers and telephone numbers. Most of the information was
in contact lists for school clubs and alumni."

"According to the PCPD, it started compliance checks on 12 schools
alleged to have exposed student data online according to a media
report last April," Computerworld reports. "The results confirmed that
9 of the 12 schools had inadvertently exposed personal information on
their web sites."

"Bearing in mind that we have only spent a limited amount of our time
in the exercise and our search was only based on some unsophisticated
means, the extent of the cyber security problem we have identified is
disproportionate," Privacy Commissioner for Personal Data Allan Chiang
said in a statement. "It reflected a serious lack of vigilance and
adequate security measures on the part of the educational institutions
in safeguarding personal data."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.