
HUGE Data Protection leak in Irish Schools.


Neutron

Well-known member
Joined
Jan 6, 2012
Messages
3,980
Some Breaking news,

A huge Data Protection Leak that allows anyone with a generic username and password to log onto school servers remotely and access and alter data.

Some of the records that can be accessed include


  • The pupil’s photograph
  • Their date of birth
  • Their parents’ names and contact phone numbers
  • Details of any of the pupil’s siblings who are also enrolled in the school
  • The name of the pupil’s family doctor
  • The classes in which that pupil is enrolled, and their individual timetable
  • The pupil’s attendance records
  • Records of the student’s misconduct, including disruptive behaviour or homework not completed, and
  • Results of that pupil’s in-house examinations for as long as the system has been live, and their results in any state exams


And the government want us to give them a Yes vote in the upcoming referendum and they can't even ensure children's data is protected!


PERSONAL RECORDS of thousands of secondary school pupils – including their academic records, parents’ details and disciplinary history - could be available to view by any internet user, TheJournal.ie can reveal.

A grave security flaw in the data management systems used by a large number of Irish secondary schools means that highly sensitive data is available to anyone – armed with only a generic username and password.
The systems, which run on servers physically installed in the schools, use ‘ePortal’ software created by the British services giant Serco and can be accessed remotely through the internet – though all data is hidden to anyone without a password.


But a default, generic username and password combination – which is now said to have been leaked online – allows full access to almost all of the ePortal servers run in Irish schools, opening up public access to thousands of pupils’ records.


The leak of this combination – which can be thought of as a master key, allowing anyone with them to log in to any Irish school’s ePortal server – means the personal data of the pupils in those schools can be accessed quickly and easily.
Irish pupils’ records at risk in major data protection threat
 


Cato

Moderator
Joined
Aug 21, 2005
Messages
20,559
You forgot this bit:

The Department stressed that the data management packages used by schools is chosen on a case-by-case basis by each school’s board of management, and that the Department had no role in choosing or operating the software.

This is borne out by records of tenders issued by the Department, which do not include any school management software packages.
 

Analyzer

Well-known member
Joined
Feb 14, 2011
Messages
46,189
Who got the contract for the system ?

Somebody related to a former minister in the drinks cabinet, or somebody who was a life long pal of a minister in the current government ?

Was there even an evaluation process ?

Here we go again, more sloppy state tendering.
 

Cato

Moderator
Joined
Aug 21, 2005
Messages
20,559
Who got the contract for the system ?

Somebody related to a former minister in the drinks cabinet, or somebody who was a life long pal of a minister in the current government ?

Was there even an evaluation process ?

Here we go again, more sloppy state tendering.
The management boards of the individual schools made the decisions not the state.
 

Neutron

Well-known member
Joined
Jan 6, 2012
Messages
3,980
The management boards of the individual schools made the decisions not the state.
Usual pass the buck politics. The government are responsible for Education in the state, nobody else.

If they allow schools to tender contracts that's up to the government, doesn't take away the fact the government are still responsible for Education.
 

Neutron

Well-known member
Joined
Jan 6, 2012
Messages
3,980
A spokeswoman for the Department of Education said it became aware of the issue on Wednesday when a parent notified it that their child had been able to log into their own school’s server, and that of another school, using only the generic username and password.


The Department had contacted Serco to inform them of the breach, and had “requested them to take urgent and immediate action to alert schools that had purchased the E-portal application of the potential risk to any personal data held by the school, and to take whatever corrective action is deemed necessary to reduce any risk”.
 

dresden8

Well-known member
Joined
Feb 5, 2009
Messages
14,936
Usual pass the buck politics. The government are responsible for Education in the state, nobody else.

If they allow schools to tender contracts that's up to the government, doesn't take away the fact the government are still responsible for Education.
I thought all you people liked decentralisation of functions away from the inefficient civil service.
 

seabhcan

Well-known member
Joined
Sep 3, 2007
Messages
14,327
Who got the contract for the system ?

Somebody related to a former minister in the drinks cabinet, or somebody who was a life long pal of a minister in the current government ?

Was there even an evaluation process ?

Here we go again, more sloppy state tendering.
"software created by the British services giant Serco"
 

Cato

Moderator
Joined
Aug 21, 2005
Messages
20,559
Usual pass the buck politics. The government are responsible for Education in the state, nobody else.

If they allow schools to tender contracts that's up to the government, doesn't take away the fact the government are still responsible for Education.
Eh ... you seem to have missed some salient features of the ownership, patron, and management structure of Irish schools.
 

Analyzer

Well-known member
Joined
Feb 14, 2011
Messages
46,189
This is extremely dangerous. Especially given the lax attitude, even still with regard to paedos in the state.

There are paedos coming and going through Dublin Airport every week, and they never come to the attention of the gardai, because they are white, and well dressed. The cops do not have an electronic swipe to identify whether an arrival is on a paedo list in another country.

Then you hear that noted UK paedos showing up in neighbourhoods in the state - as a result of UK police trying to track them down when they are no longer showing up in the UK, or if bank transactions indicate that they are here.
 

Bill

Well-known member
Joined
Feb 1, 2009
Messages
8,290
sounds like a bunch of systems shipped with a generic username/passwd (not uncommon) and whoever installed them didn't bother to close the accounts before they were moved into production (again not uncommon)
 

Analyzer

Well-known member
Joined
Feb 14, 2011
Messages
46,189
The management boards of the individual schools made the decisions not the state.
Well, it seems as if they are not qualified to make such decisions.
 

Cato

Moderator
Joined
Aug 21, 2005
Messages
20,559
This is extremely dangerous. Especially given the lax attitude, even still with regard to paedos in the state.

There are paedos coming and going through Dublin Airport every week, and they never come to the attention of the gardai, because they are white, and well dressed. The cops do not have an electronic swipe to identify whether an arrival is on a paedo list in another country.

Then you hear that noted UK paedos showing up in neighbourhoods in the state - as a result of UK police trying to track them down when they are no longer showing up in the UK, or if bank transactions indicate that they are here.
It's extremely sloppy and potentially far worse.
 

Cato

Moderator
Joined
Aug 21, 2005
Messages
20,559
Well, it seems as if they are not qualified to make such decisions.
Indeed. The State may have to assert greater control over them, which in terms of a different topic I'd be happy to see.
 

seabhcan

Well-known member
Joined
Sep 3, 2007
Messages
14,327
sounds like a bunch of systems shipped with a generic username/passwd (not uncommon) and whoever installed them didn't bother to close the accounts before they were moved into production (again not uncommon)
Yep. So far as I can see, the software supplier/installer is to blame. The schools could not be expected to know that the vendor had left default user accounts turned on.
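
Added example, not part of any post in this thread and not Serco's or ePortal's code: a pre-go-live audit for the failure described in the two posts above (shipped default accounts left enabled). The account-store record layout, the `vendor_admin` name and password, and the school server names are constructed placeholders, and PBKDF2-SHA256 is an assumed hashing scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed placeholder, NOT a real ePortal credential: the account name and
# password the vendor's installation image is assumed to ship with.
SHIPPED_DEFAULTS = {"vendor_admin": "placeholder-default"}
ITERATIONS = 100_000  # assumed PBKDF2 work factor of the account store

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_account(server, username, password, enabled=True, remote=True):
    """Build one constructed account-store record for the sample below."""
    salt = os.urandom(16)
    return {"server": server, "username": username, "salt": salt,
            "hash": pw_hash(password, salt), "enabled": enabled, "remote": remote}

def audit(accounts):
    """Flag enabled vendor accounts; critical if the shipped password still works remotely."""
    findings = []
    for a in accounts:
        default = SHIPPED_DEFAULTS.get(a["username"])
        if default is None or not a["enabled"]:
            continue  # not a vendor account, or already closed
        unchanged = hmac.compare_digest(pw_hash(default, a["salt"]), a["hash"])
        severity = "critical" if unchanged and a["remote"] else "high" if unchanged else "review"
        findings.append((a["server"], a["username"], severity))
    return findings

def master_keys(findings):
    """Usernames whose unchanged default opens more than one server."""
    servers = defaultdict(list)
    for server, user, severity in findings:
        if severity == "critical":
            servers[user].append(server)
    return {u: sorted(s) for u, s in servers.items() if len(s) > 1}

SAMPLE = [  # constructed records for four hypothetical school servers
    make_account("school-a", "vendor_admin", "placeholder-default"),
    make_account("school-b", "vendor_admin", "placeholder-default"),
    make_account("school-c", "vendor_admin", "rotated-at-install"),
    make_account("school-d", "vendor_admin", "placeholder-default", enabled=False),
    make_account("school-a", "teacher1", "placeholder-default"),
]

if __name__ == "__main__":
    print(audit(SAMPLE), master_keys(audit(SAMPLE)))
```

An enabled vendor account with a rotated password is still reported as `review`, since the posts above describe closing the accounts, not only changing the password.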
 

poolfan81

Well-known member
Joined
Mar 27, 2010
Messages
955
A private company provides the service

Undoubtedly it was a private company who installed the software

The board of management probably paid them to do a service and they ************************************ up

Private company showing unbelievable incompetence
 

seabhcan

Well-known member
Joined
Sep 3, 2007
Messages
14,327
A private company provides the service

Undoubtedly it was a private company who installed the software

The board of management probably paid them to do a service and they ************************************ up

Private company showing unbelievable incompetence
Clear case of private sector incompetence. Private sector wasting tax payers money, etc. Probably on outrageous wages too.
 

Dylan2010

A private company provides the service

Undoubtedly it was a private company who installed the software

The board of management probably paid them to do a service and they ************************************ up

Private company showing unbelievable incompetence
most IT companies are private, what does it have to do with the thread? schools buy white boards, tables, chairs and sports equipment made by private companies....
 

seabhcan

Well-known member
Joined
Sep 3, 2007
Messages
14,327
most IT companies are private, what does it have to do with the thread? schools buy white boards, tables, chairs and sports equipment made by private companies....
Some would have us believe that when someone in the public sector contracts work to the private sector, and it goes well, that is because the private sector is infinitely efficient and reliable. If, however, it doesn't go well, it is the public sector to blame for messing up the contract.
 

damus

Well-known member
Joined
Jun 28, 2011
Messages
23,671
Not to worry....cos, all they'll get is a slap on the knuckles from the Hawke (Data Protection Commissioner)!
 
