PERSONAL RECORDS of thousands of secondary school pupils – including their academic records, parents’ details and disciplinary history - could be available to view by any internet user, TheJournal.ie
A grave security flaw in the data management systems used by a large number of Irish secondary schools means that highly sensitive data is available to anyone – armed with only a generic username and password.
The systems, which run on servers physically installed in the schools, use ‘ePortal’ software created by the British services giant Serco and can be accessed remotely through the internet – though all data is hidden to anyone without a password.
But a default, generic username and password combination – which is now said to have been leaked online – allows full access to almost all of the ePortal servers run in Irish schools, opening up public access to thousands of pupils’ records.
The leak of this combination – which can be thought of as a master key, allowing anyone with them to log in to any
Irish school’s ePortal server – means the personal data of the pupils in those schools can be accessed quickly and easily.