University Of Sydney Website Hack Raises Privacy And Information Security Concerns

By Author: Peter Martin
Total Articles: 211
Comment this article

Over the last few months, several major universities have reported data breach incidents. Recently, the website of University of Sydney was sabotaged and altered by a cybercriminal. University of Sydney has acknowledged the existence of a security flaw on the website, which caused leakage of confidential information related to students. Confidential information such as names, residential address, e-mail addresses, details of enrolled courses and costs related to thousands of students have been reported to be leaked by a hacker, who identifies himself as Evil. Security experts at the University have blocked access. Access to the vulnerable part of the website was blocked after the discovery of the leak. The office of the New South Wales Privacy Commissioner is investigating the data breach incident. Students availing library services seem to be the most affected.

Data leakage has serious repercussions on the privacy and information security of the affected individuals. Cybercriminals may use the acquired information for applying for student (fake) loans, blackmailing, identity theft, mail theft and other forms of deceit. ...
...

The offender has claimed access to significant part of the University network. The security flaw in the website allows any person with knowledge of a student ID number to gain access to details of several students by tweaking the ID number in the URL of the page. As threats in the cyberspace are growing in sophistication, IT personnel must be encouraged to attend seminars, workshops, refresher courses and IT training sessions to update their technical skill sets.

Ironically, the University was cautioned against the existence of such vulnerability four years back. While University authorities have claimed that security flaw has been mitigated, regular evaluation of security status of web applications is crucial to prevent data security breach incidents. Usually, penetration testers conduct in-depth tests and analyze the vulnerabilities and threat vectors and help organizations take corrective measures.

As attacks sometimes require user intervention, employees and students must be guided on safe Internet usage through online training and video clips. Proactive assessment and mitigation of threats is crucial to safeguard websites from security breaches.