Massey University’s intranet system, MyMassey, is under scrutiny after a severe breach of security gave thousands of students access to highly sensitive information.
The breach, attributed to an “operating system patch release,” allowed students access to Massey ID numbers, full names, date of birth, IRD numbers, academic transcripts as well as contact addresses and phone numbers.
Albany Students’ Association President Rawa Karetai was one of the first students to notice the error.
“[When] I was first made aware that MyMassey started giving out personal information about other students, I immediately went and found a computer that was free and started to check to see if I was experiencing the same issues.”
After having asked members of the Albany Students’ Association and the Massey University Students Association Federation to try logging into their accounts in order to see how widespread the problem had become, Karetai decided to take immediate action and called security in order to “…try and get this issue sorted urgently.”
This breach has some Massey students worried about the security of their personal information. Stephen Freeland, 20, said he found the incident “slightly daunting.”
“Considering that someone out there could have my address and IRD number, it makes me wonder if this glitch [has] happened before and will it happen again?”
Freeland isn’t the only one made anxious by the potential repercussions of this infringement of privacy.
“The most concerning thing of all of this,” said another student who did not wish to be named, “is that you can use some of this information as security questions for resetting your bank account information or to open a new bank account and use this as a means of identification theft.”
In a written statement released earlier today, Chief Information Officer Gerrit Bahlman stated that Massey University regretted the incident.
“[We] will be contacting the students affected to explain what happened and apologise. [Massey Albany] is committed to taking all reasonable precautions to guard against unauthorised access to confidential and personal information including the loss, misuse, and alteration of the information held by the University on its servers.”
Access to MyMassey will be temporarily suspended until the breach in online security is completely rectified.