A Montreal computer science student was expelled recently for finding IT security holes in the school’s student portal, exposing the confidential records of over 250,000 students attending Dawson College.
Hamed Al-Khabaz was working on creating a mobile application for students to have easier access to their school accounts. As he worked on his mobile application he probed the school’s portal, used by students in the Quebec CEGEP program. What Hamed discovered was that by simply exchanging student numbers in the encrypted links, he could easily find social insurance numbers, transcripts and even home addresses of his fellow students.
Hamed was quoted in a report we read on the IT security issues at Dawson College: “It was completely insecure,” he said. “Anyone in the world could log in and access someone’s data.”
Dawson College eventually expelled Hamed over concerns that his findings constituted a threat against the school. This happened after Hamed had accessed the student records a second time, “just to check if it had been fixed.” Hamed said he never had an opportunity to explain his findings to Dawson College and let them know that he was simply trying to help out.
IT security and securing of information must be taken seriously by every organization. Large corporations and small businesses alike need to make IT security a priority in 2013. More and more examples are surfacing daily in the news on organizations that have security gaps in corporate IT infrastructure and with their online applications.
How effective is your IT security? Do you know? When was the last time you had a penetration test completed on your corporate network? Do you know who has access to your business network?
Our team of IT security professionals are here to help you. Give us a call today to book a no obligation review of your business IT security.