BreachExchange mailing list archives
250, 000 students PII explosed at Dawson College Montreal Canada
From: "Al Mac Wow" <macwheel99 () wowway com>
Date: Tue, 22 Jan 2013 12:34:03 -0600
There are multiple news stories about this. 1. http://www.huffingtonpost.ca/2013/01/21/hamed-al-khabaz-dawson-student-expel led_n_2520295.html and other news stories about a student who found that 250,000 fellow students had their social insurance numbers, home addresses, phone numbers, and other info, exposed on the college web site. He brought this to attention of school authorities. He did further testing to see if there were any other vulnerabilities. He got expelled, and may face criminal charges. The computer system is owned by the university, so students scanning it to identify vulnerabilities, is a serious no-no. We should only check security on computers we personally own. 2. http://o.canada.com/2013/01/22/dawson-student-expelled-while-college-website -remains-hacked-16-months-later/ apparently the web site was hacked in 2011, and as of 16 months later, it was still hacked, not repaired. I guess whoever identified this problem will also face criminal charges, because in Canada, institutions apparently may place people PII at grave risk, but anyone who finds out about it, and tries to warn them, is in legal trouble. Al Mac (WOW) = Alister William Macintyre via WOW WAY.com ISP 2012 April I had a serious PC melt down, from which I am still recovering
_______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- 250, 000 students PII explosed at Dawson College Montreal Canada Al Mac Wow (Jan 22)