An investigation by the Sydney Morning Herald has revealed that information on the university's past and present students is available online.
The breach stems from a flaw in how the university handles HECS, the Higher Education Contribution Scheme, under which the Government pays for the university course taken and the person repays it out of their income via tax, at no interest.
A security expert quoted anonymously in the report is said to have taken five minutes to access the records and to have accessed at least 55 students’ records, most of them by simply changing the ID number in the URL.
According to the investigation, the flaw was made known to the university administrators in 2007 but was not dealt with. The revelation also comes within days of a recent attack on the university’s security by a hacker called “Evil”, who defaced the homepage with messages, including one in support of the Queensland Flood Appeal. The hacker, according to another SMH piece, lives in Brazil.
Two internet security firms have been called in to help protect the University’s network. The New South Wales Privacy Commissioner is also said to be investigating the privacy breach, saying that it had breached the NSW Privacy and Personal Information Protection Act 1998.