More than 100,000 students at the University of Toulouse have had their personal data compromised and published on an unsecured server.
Beyond the students there are also certainly those of the members of the administration of the higher education institution which was compromised and not to mention 360,000 teachers of Quebec nationality.
This article will also interest you: Epitech gets hacked
You realize then security problems in computer systems is not simply done by private companies. educational institutions private institutions or other public institutions are also vulnerable. and the example of the University of Toulouse is a palpable case.
the the data disclosed consisted mainly of information identification such as names and surnames and some dates birth. Moreover, there are still other information such as email addresses, connection establishments… this data has been transmitted according to the latest findings to other servers located in Eastern Europe.
The culprits of this hacking computer doesn't have yet to be identified. Regarding the causes of the computer hacking that resulted from the data leak, the President of the University, Philippe Rimbault explains that the data was originally stored on an external server owned by a French company called Gedivote, a subsidiary of another Gedicom. This company had been contacted by university with the aim of electronically organising the election of the student representative of his council Administration. It is during this course that the company commits a fault of programming that leads to the exposure of all the University's data. the discovery of the vulnerability was made by chance following a carried out by the data protection delegate at the Institute Champollion National University. Revealed exactly at 1:08 p.m., the security was blocked 52 minutes later, i.e. at 2 p.m. This has prevented any intruders from accessing exactly University information. A little late, because, the data had already been exfiltrated and transferred elsewhere.
One thing is clear there don't be surprised to see all this information these days marketed on the dark web. Those affected need to be very careful. Not to be the victim of phishing campaign though Targeted. What is not right is not going to be missed by the way. According to the president of the university, the fault lies exclusively with the claimant.
The National Committee on Information Technology and Freedoms has been referred to the issue in accordance with the European Regulation of Personal Data. And it will not be surprising to see the company providing a fine for negligence or breach of duty. With regard to the culprits of the data theft, investigations are still ongoing. But it is unlikely that one day the identity of those who managed to extract the personal information of the students will be discovered. Unless of course they make a big mistake where even denounces themselves. The CNIL's report is awaiting the future. An even more case of data leakage during this month of February.
Now access an unlimited number of passwords: