Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label CUHK. Show all posts

Major Data Breach at CUHK Affects Over 20,000 Students and Staff

 


Over 20,000 individuals from the Chinese University of Hong Kong (CUHK) were impacted by a data breach at one of the institution's schools in the city that resulted in their personal information being stolen. This is just the latest in a string of data breaches in this city. According to a statement released by the School of Continuing and Professional Studies (CUSCS) on Thursday, the server of an online learning system that the school uses was hacked on June 3. A statement was released by the School of Continuing and Professional Studies (CUSCS) on Thursday notifying us that the server for an online learning system they use has been hacked, as announced by the school. 

There were 20,870 Moodle accounts involved in the study, including employees, part-time tutors, students, graduates and some visitors, who provided names, email addresses and student numbers. As a result of the three unsuccessful login attempts, the college stated that it had deactivated the related account, reset the password, moved the online learning platform away from the responsible server, and strengthened security measures to block the account. 

There was a hacking attack on the school's name and email address, but an investigation by cybersecurity professionals showed that their information had not been leaked to any public websites or dark websites. It has been reported to the police and the Office of the Privacy Commissioner for Personal Data (PCPD), the city’s privacy watchdog, that the incident happened. A report sent by CUHK on Wednesday and a complaint regarding the data breach were received by the PCPD on Thursday. 

Moodle is an open-source learning management system that allows teachers, administrators, and students to create individualized learning environments for online projects in schools, colleges and workplaces. The PCPD has said that they received a report and complaint regarding the data breach on Thursday. A custom website can be created with Moodle containing an online course as well as community-sourced plugins that can be added to the website as well. 

In addition to establishing a crisis management team containing the dean, deputy dean, director of information technology services, director of administration, and director of communications and public relations, the college has established a crisis management team to assess the risks that may arise. CUSCS said the incident has also been reported to CUHK. It was the responsibility of the college to hire a security consultant who conducted an immediate investigation into the matter and discovered that there were no large amounts of data that had been exposed, and the relevant information was not found on the dark web. 

It has also been reported to the police, as well as to the Office of the Privacy Commissioner for Personal Data (PCPD) for the university, which follows established procedures, to notify them of this incident. There was a complaint received by the PCPD regarding the incident on Thursday, the police department announced. The CUSCS stated that through the leak of data, 22,873 Moodle accounts of tutors, students, graduates, and visitors including their names, emails, and student numbers were compromised. In the recent past, there has been a massive theft of personal information from one of the institution's schools after a server had been breached. 

It was discovered on the dark web domain BreachForums that the breached information was readily available on a dark web domain known as BreachForums despite statements made by the university management that they were unaware of any leaks on public platforms. There was a post on the dark web posted by a Threat Actor (TA) who went by the alias "Valerie," in which she claimed to be a hacker who was willing to sell their data to a buyer. "Approximately 75 per cent of the stolen information was sold to a private party, and the breach was financed in this way by the private party," TA stated.  There was no sharing of the rest of the data. 

Following multiple offers, it was decided to take the initiative and make a public sale." This is the third educational institute in Hong Kong this year to have been struck by a cyber attack as a result of multiple offers. It has been reported that the Hong Kong Institute of Contemporary Culture, Lee Shau Kee School of Creativity, was hit by a ransomware attack in May when data belonging to more than 600 students and faculty members were compromised. 

In April, Union Hospital, a private medical facility, experienced a ransomware attack that compromised its servers and reportedly resulted in operational paralysis. Similarly, in February, the Hong Kong College of Technology faced a ransomware attack, leading to a data breach affecting approximately 8,100 students.