Lack of proper IT security expels Montreal student

by

January 23, 2013

A Montreal computer science student was expelled recently for finding IT security holes in the school’s student portal, exposing the confidential records of over 250,000 students attending Dawson College.

Hamed Al-Khabaz was working on creating a mobile application for students to have easier access to their school accounts. As he worked on his mobile application he probed the school’s portal, used by students in the Quebec CEGEP program. What Hamed discovered was that by simply exchanging student numbers in the encrypted links, he could easily find social insurance numbers, transcripts and even home addresses of his fellow students.

Hamed was quoted in a report we read on the IT security issues at Dawson College: “It was completely insecure,” he said. “Anyone in the world could log in and access someone’s data.”

Dawson College eventually expelled Hamed over concerns that his findings constituted a threat against the school. This happened after Hamed had accessed the student records a second time, “just to check if it had been fixed.” Hamed said he never had an opportunity to explain his findings to Dawson College and let them know that he was simply trying to help out.

IT security and securing of information must be taken seriously by every organization. Large corporations and small businesses alike need to make IT security a priority in 2013. More and more examples are surfacing daily in the news on organizations that have security gaps in corporate IT infrastructure and with their online applications.

How effective is your IT security? Do you know? When was the last time you had a penetration test completed on your corporate network? Do you know who has access to your business network?

Our team of IT security professionals are here to help you. Give us a call today to book a no obligation review of your business IT security.

We're Integris. We're always working to empower people through technology.

Keep reading

Cyber Threat Analysis Training for Businesses

When it comes to your business’s cyber security, your employees are your front-line fighters. Ensuring every person who works for your company receives cyber threat analysis training keeps you and your private information safe from vicious and clever hackers. Even if...

Luck, Security, and St. Patrick’s Day Facts You Need to Know

Luck, Security, and St. Patrick’s Day Facts You Need to Know

St. Patrick's Day is one of the most beloved traditions in America. And it's only getting more popular. In fact, according to a recent report from the National Retail Federation, 54 percent of Americans plan to celebrate the day, and expect to spend $43 each while...