University of Sydney Data Breach Incident Raises Information Security Concerns

Jan. 21, 2011 - PRLog -- Over the last few months, several major universities have reported data breach incidents. Recently, the website of University of Sydney was sabotaged and altered by a cybercriminal. University of Sydney has acknowledged the existence of a security flaw on the website, which caused leakage of confidential information related to students.

Confidential information such as names, residential address, e-mail addresses, details of enrolled courses and costs related to thousands of students have been reported to be leaked by a hacker, who identifies himself as Evil. Security experts at the University have blocked access. Access to the vulnerable part of the website was blocked after the discovery of the leak. The office of the New South Wales Privacy Commissioner is investigating the data breach incident. Students availing library services seem to be the most affected.

Data leakage has serious repercussions on the privacy and information security of the affected individuals. Cybercriminals may use the acquired information for applying for student (fake) loans, blackmailing, identity theft, mail theft and other forms of deceit.
The offender has claimed access to significant part of the University network. The security flaw in the website allows any person with knowledge of a student ID number to gain access to details of several students by tweaking the ID number in the URL of the page.

As threats in the cyberspace are growing in sophistication, IT personnel must be encouraged to attend seminars, workshops, refresher courses and IT training sessions to update their technical skill sets.Ironically, the University was cautioned against the existence of such vulnerability four years back.  

While University authorities have claimed that security flaw has been mitigated, regular evaluation of security status of web applications is crucial to prevent data security breach incidents. Usually, penetration testers conduct in-depth tests and analyze the vulnerabilities and threat vectors and help organizations take corrective measures.

As attacks sometimes require user intervention, employees and students must be guided on safe Internet usage through online training and video clips. Proactive assessment and mitigation of threats is crucial to safeguard websites from security breaches.

Contact Press
EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).