Massey Uni experiences serious breach of security

1 April 2009
Attention: Education, lifestyle, Political and Technology reporters
For Immediate Use

Media Release

Massey University experiences serious breach of security

The Massey University intranet system utilised by students from all across New Zealand, MyMassey, is under scrutiny after a severe breach of security left thousands of students able to access other people’s highly sensitive information.

Rawa Karetai, President of the Albany Students’ Association, was one of the first students to notice this critical error: “I was first made aware that the website www.mymassey.com started giving out personal information about other students at about 10.40pm. I immediately went and found a computer that was free and started to check to see if I was experiencing the same issues.”

Karetai, like many other students, now had access to a variety of highly sensitive personal information that was not his own. Information at his disposal included, but was not limited to, the following: Massey ID numbers; Full names; Date of Birth; IRD Number; Academic transcripts as well as contact addresses and phone numbers. Students who had discovered this fault were also able sign the person whose information they could now access up for new papers or amend any of their contact details.

After having asked members of the Albany Students’ Association and the Massey University Students Association Federation to try logging into their accounts in order to see how widespread the problem had become, Karetai then decided to take immediate action and called security in order to “…try and get this issue sorted urgently”.

This breach of security has some Massey students worried as to the security of their personal information. Stephen Freeland, 20, finds the incident “slightly daunting, considering that someone out there could have my address and IRD number…it starts to make me wonder that if this glitch has happened now, has it happened before and will it happen again?” Freeland isn’t the only one made anxious by the potential repercussions of this infringement of privacy. “The most concerning thing of all of this,” said another student who wished not to be named, “is that you can use some of this information as security questions for resetting your bank account information or to open a new bank account and use this as a means of identification theft”.

In a written statement released earlier today, Chief Information Officer Gerrit Bahlman attributed the incident to “an operating system patch release”. He stated that Massey University “…regret the incident and will be contacting the students affected to explain what happened and apologise…” and that the University is “…committed to taking all reasonable precautions to guard against unauthorised access to confidential and personal information including the loss, misuse, and alteration of the information held by the University on its servers”.

Access to MyMassey will be temporarily suspended until the breach in online security is completely rectified.

ENDS

© Scoop Media