[BreachExchange] A Hidden Bug In The System Puts 21,000 U.K. Students At Risk

Destry Winant destry at riskbasedsecurity.com
Mon Jul 23 20:43:23 EDT 2018


https://hackercombat.com/a-hidden-bug-in-the-system-puts-21000-u-k-students-at-risk/

A hidden bug found within an information management system may have
compromised the data of 21,000 U.K. schools, which are all now at risk
of a possible breach. It appears the system's algorithm for matching
student records is failing and producing incorrect results when
queried. The glitch introduced a peculiar bug where students were able
to access personal information belonging to other students when
logging in to the system. School authorities in the U.K. are currently
investigating the source of the bug as a matter of urgency.

Capita, the company that first developed the customized information
management system, clarified, “The consequence of the corruption is
that contact information for the incoming pupil, for example, address,
telephone number, and email address, may have become associated with
other pupil’s records, or the new pupil could themselves be linked to
the wrong contact details. The problem could have impacted
pre-admission students, pupils currently enrolled, and the records of
those who once attended.”

Capita also announced a newer version of the information management
system is already in the pipeline, which they believe will completely
solve the issue. They have also created a more secure program
procedure which will prevent any cross-accessing of data between
students. “We have identified isolated instances where the contact
details of new applicants to a school have merged with those of
existing pupils. This has only happened on rare occasions where the
first name and surname of a student’s listed contact are an exact
match. We have taken immediate steps to fix the software and prevent
this from happening again and have also notified other schools on how
to identify and rectify any issues. We apologize to schools and
parents for any disruption this may cause,” emphasized Capita’s
spokesperson.
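
The failure mode Capita describes, records merging when a contact's first name and surname match exactly, can be reproduced and audited with a short script. The following is an added example, not Capita's code or schema; the record layout, the stricter key and the sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (pupil_id, contact first name, surname, address, email).
CONTACTS = [
    ("P001", "John", "Smith", "1 Elm Road", "j.smith@example.org"),
    ("P002", "John", "Smith", "9 Oak Lane", "john.s@example.net"),  # different person, same name
    ("P003", "Mary", "Jones", "4 Ash Close", "mary@example.org"),
    ("P004", "Mary", "Jones", "4 Ash Close", "mary@example.org"),   # same parent, two pupils
]

def norm(value):
    """Case- and whitespace-insensitive comparison form."""
    return " ".join(value.lower().split())

def name_key(rec):
    """Weak key: the condition from the article (first name + surname only)."""
    return (norm(rec[1]), norm(rec[2]))

def strict_key(rec):
    """Stricter key (assumption): name, address and email must all agree."""
    return name_key(rec) + (norm(rec[3]), norm(rec[4]))

def merge(records, key):
    """Link pupils to one contact record per key; the first record's details win."""
    merged = {}
    for rec in records:
        entry = merged.setdefault(key(rec), {"details": rec[3:], "pupils": []})
        entry["pupils"].append(rec[0])
    return merged

def audit_name_collisions(records):
    """Return names whose records carry differing details: wrong-merge candidates."""
    details, pupils = defaultdict(set), defaultdict(list)
    for rec in records:
        details[name_key(rec)].add((norm(rec[3]), norm(rec[4])))
        pupils[name_key(rec)].append(rec[0])
    return {k: pupils[k] for k, seen in details.items() if len(seen) > 1}

if __name__ == "__main__":
    print("name-only merge:", merge(CONTACTS, name_key))
    print("strict merge:   ", merge(CONTACTS, strict_key))
    print("needs review:   ", audit_name_collisions(CONTACTS))
```

With the name-only key, pupil P002 ends up linked to another family's address and email; the audit flags that pair for manual review while leaving the legitimate shared contact for P003 and P004 alone.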

Security issues and the subsequent exposure of student and faculty
privacy in the U.K. school system are nothing new. As recently as
February 2018, hackers penetrated a school CCTV system and enabled
public web broadcast. Live video feeds of the corridors, playgrounds
and even restrooms of the St Mary’s Catholic Academy and Highfield
Leadership Academy were made publicly viewable.

Spear phishing has also been prevalent in U.K. schools, as fake emails
pretending to be from the education department have reached the
mailboxes of faculty members, who were asked to provide personal
information. Faculty members and other staff were warned not to open
any questionable attachments or emails they don’t recognize. Many of
these phishing emails are only looking to deliver ransomware which, as
we know, will encrypt computer files and hold the data hostage until
the user pays to regain the files.

According to Phishing.org, a non-profit organization that helps firms
to educate their staff about the dangers of phishing, users need to do
the following:

- Use hardware firewalls.
- Think before clicking a link.
- Be wary of random pop-ups.
- Keep web browsers updated.
- Use updated antivirus software.
- Install an anti-phishing toolbar if possible.
- Stay aware of the newest phishing techniques.
- Regularly evaluate user accounts for evidence of being targeted.
- Verify the site’s security by checking its certificate before moving forward.
- Do not provide any personal information unless the destination is verified.

