Infosecurity

Data security of Singapore schools exposed

By Robin Hicks | 17 April 2009

The data security of schools in Singapore came into question this week when an online community group Singapore Security Meetup Group (SSMG) went onto the web sites of various schools and came away with personal information, such as addresses and identity card and telephone numbers of staff and students.

View photos

Related Articles

• Social media security risks exposed
• Navies discuss maritime security in Singapore
• Payment card security standard revamped

Related Categories

• INFOSECURITY

From this Section

• NEWS

The data security of schools in Singapore came into question this week when an online community group Singapore Security Meetup Group (SSMG) went onto the web sites of various schools and came away with personal information, such as addresses and identity card and telephone numbers of staff and students.

No hacking, spyware or any virus was needed. SSMG used search engines such as Google.

In one case, the user name and password of a system administrator popped up. With these, a hacker could use the server at the secondary school to send spam messages or host an Internet pornographic website.

SSMG member and chief technology officer of an IT firm, Mr Wong Onn Chee, showed documents containing personal information on the websites of a university, a junior college, a polytechnic, five secondary schools and a primary school which they found.

Such data leaks are not new.

In January, Internet security firm Trend Micro said it has identified at least 40 Singapore websites - which it termed ‘reputable’ - that were guilty of security lapses.

More ominously, said Trend Micro, the 40 sites - which have since cleaned up their act - likely form just a small proportion of those with questionable security practices.