A school in Hampshire, England was the victim of a breach in information security on March , 2011. Thousands of personal records were exposed after a student hacked into the school's systems. The attack was immediately reported to the Information Commissioner's Office (ICO), and as a consequence, the headmaster of the school must issue a public apology to the victims of the attack. According to the ICO, details of nearly 20,000 individuals were put at risk during the attack, 7,000 of whom were students. Files hacked from the school's website included medical information about students as well as information about parents and teachers.

The student's attack on the school's website and administrative systems was made easier because a staff member used the same password to access both the school's website and its administrative systems. The school stated that it had advised the staff to avoid using duplicate passwords but didn't enforce this policy. The goal of the hacker was to gain unauthorized access to the school's records and detailed personal information of other students. The cause of the attack stemmed from school staff members disregarding a computer password policy. Although it is more difficult to remember multiple passwords, David Emm, a senior security researcher, offered a solution. Mr. Emm suggested a password manager application, which creates and memorizes all passwords and stores them behind a single password. Unfortunately, security breaches are becoming a major problem across the world because of the use of duplicate passwords.

In my opinion, the attack on the Hampshire school could've been avoided if its pre-existing password policy had been strongly enforced by the school. The other way I think this attack could've been avoided would've been by requiring the school staff members to have some type of background involving computer security.