Lack of proper IT security expels Montreal student


January 23, 2013

A Montreal computer science student was expelled recently for finding IT security holes in the school’s student portal, exposing the confidential records of over 250,000 students attending Dawson College.

Hamed Al-Khabaz was working on creating a mobile application for students to have easier access to their school accounts. As he worked on his mobile application he probed the school’s portal, used by students in the Quebec CEGEP program. What Hamed discovered was that by simply exchanging student numbers in the encrypted links, he could easily find social insurance numbers, transcripts and even home addresses of his fellow students.

Hamed was quoted in a report we read on the IT security issues at Dawson College: “It was completely insecure,” he said. “Anyone in the world could log in and access someone’s data.”

Dawson College eventually expelled Hamed over concerns that his findings constituted a threat against the school. This happened after Hamed had accessed the student records a second time, “just to check if it had been fixed.” Hamed said he never had an opportunity to explain his findings to Dawson College and let them know that he was simply trying to help out.

IT security and securing of information must be taken seriously by every organization. Large corporations and small businesses alike need to make IT security a priority in 2013. More and more examples are surfacing daily in the news on organizations that have security gaps in corporate IT infrastructure and with their online applications.

How effective is your IT security? Do you know? When was the last time you had a penetration test completed on your corporate network? Do you know who has access to your business network?

Our team of IT security professionals are here to help you. Give us a call today to book a no obligation review of your business IT security.

We're Integris. We're always working to empower people through technology.

Keep reading

How the Best IT Companies in Minnesota Support the Hybrid Workforce

How the Best IT Companies in Minnesota Support the Hybrid Workforce

After the initial shutdowns and stay-at-home orders lifted following COVID-19, workers throughout the United States and Minnesota decided that the work-from-home model was here to stay. It makes sense -- working from home offers a lot of convenience to your team – and...

Do I Need To Improve My Endpoint Protection?

Do I Need To Improve My Endpoint Protection?

A compromised endpoint gives hackers everything they need to get a foothold in your security network. Once there, they can steal data and potentially hold it for ransom. That’s why it’s so important for business owners to secure their critical endpoints (including...

Multi-Factor Authentication

Multi-Factor Authentication

Granting access to information is a necessity, as is security for both the user needing access and for the information for which access is being granted. The best way to handle this is by establishing user accounts for users. This does several things at once: Allows...