Feeds

York Uni exposes students' private info

17,000 sets of details fall through website holes

Top three mobile application threats

The University of York has leaked confidential personal information on students due to website security vulnerabilities.

Details including mobile phone numbers, addresses and A-Level grades of an estimated 17,000 students were exposed as a result of the breach.

University administrators have reported the incident to privacy watchdogs at the Information Comissioners Office. Meanwhile an internal investigation is taking place.

The sensitive data was exposed on a student inquiry page of the university's website accessible to world + dog, not just faculty members, and without any need to log into the site. The student union was expressed particular concern that students’ registered emergency contacts were also exposed by the breach, an aspect of the snafu that meant the breach also affected friends and family of students.

University authorities have admitted the breach and apologised to the affected students as well as promising to tighten up security at the tertiary education facility, the BBC reports.

Aziz Maakaroun, business development director at a vulnerability management specialist Outpost24, said the breach stemmed from a failure to follow best practices on website security.

“Vulnerabilities in websites make it all too easy for hackers to tamper with the content – in this case, posting personal data on the student enquiry page of the University’s public website," Maakaroun said. "To stop this from happening, it is vital that organisations take a more proactive approach to their security by continually scanning for web vulnerabilities which hackers find relatively easy to exploit.” ®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.