BreachExchange mailing list archives

250,000 students' PII exposed at Dawson College Montreal Canada


From: "Al Mac Wow" <macwheel99 () wowway com>
Date: Tue, 22 Jan 2013 12:34:03 -0600

There are multiple news stories about this.

1. http://www.huffingtonpost.ca/2013/01/21/hamed-al-khabaz-dawson-student-expelled_n_2520295.html
and other news stories about a student who found that
250,000 fellow students had their social insurance numbers, home addresses,
phone numbers, and other info, exposed on the college web site.  He brought
this to the attention of school authorities.  He did further testing to see if
there were any other vulnerabilities.  He got expelled, and may face
criminal charges.  The computer system is owned by the university, so
students scanning it to identify vulnerabilities is a serious no-no.  We
should only check security on computers we personally own.

2. http://o.canada.com/2013/01/22/dawson-student-expelled-while-college-website-remains-hacked-16-months-later/
Apparently the web site was hacked in 2011,
and as of 16 months later, it was still hacked, not repaired.  I guess
whoever identified this problem will also face criminal charges, because in
Canada, institutions apparently may place people's PII at grave risk, but
anyone who finds out about it, and tries to warn them, is in legal trouble.

 

Al Mac (WOW) = Alister William Macintyre

via WOW WAY.com ISP

2012 April I had a serious PC melt down, from which I am still recovering

 

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
