The University of Canterbury’s student website went down last week after the discovery of a major security failure that left students’ personal details exposed.
The security fault meant details such as students’ IRD numbers, addresses, academic records and records of fees owed could be accessed and changed by anyone with a Canterbury University computer user code.
Canterbury’s Information Technology department took the entire student web system offline immediately after they were informed of the problem and Director of Information Technology Michael Dewe says it will remain in such condition until “extensive testing” has been carried out.
The security failure was originally reported to Christchurch’s daily paper The Press by career-student Kyle Millar after he discovered the problem on Saturday the18th. However, University of Canterbury management was not made aware of the situation until they were informed by The Press at 8pm the next day.
Dewe is unsure of exactly what caused the problem, or how long the flaw in the system had existed. “It has been very difficult to actually establish precisely what the symptoms were… and because of this we’re doing some very extensive testing,” he said.
The Canterbury IT department has brought in a web security expert to review all activity over the week prior to the fault being discovered. Additionally, some of the University’s top computer science students have been recruited to help test the system before it goes back online.
Dewe says the University is “very concerned” by the security failure, but believes that the problems experienced were “random in nature.” He is confident that there is no evidence of a hacker causing the fault. Dewey was cautious about naming a date for when the student web system would be back online, saying he hoped it would be up and running “sometime [this] week.”