IE: Schools warned over IT risk as pupil accesses confidential files
Katherine Donnelly reports:
Second-level schools have been told to step up their computer security after a pupil obtained a username and password that allowed access to confidential files.
The problem has arisen over the use of generic usernames and passwords, which schools may make available to substitute teachers.
The Department of Education alerted the Joint Managerial Body (JMB), representing the management in about two-thirds of second-level schools, to the security breach.
It is understood to have involved a pupil who obtained the username and password for ePortal, an electronic databank used in many post-primary schools.
The database gives immediate access to pupil records and histories. The username and password can be used not only to access personal and confidential information of pupils in the school in question, but in other schools where the generic setting has not been changed.
Read more on Independent.ie
How long as this been going on? And have there been other breaches that simply went undetected because IT systems did not flag access as an intruder because of the legitimate user/pass?