The security of confidential information held in the Central Union has again been exposed as considerably lax after Live! was able to access files and folders on the Union Directory, many marked as 'In Confidence' or 'Sensitive'. Live! discovered that the Directory could be mapped by any member of Imperial College with a valid login, after access was already present on a number of Union Officer Accounts.
The reporter informed the Out of Hours ICT Service Desk of the vulnerability of the information but was told that they were 'not important enough' to lodge a complaint at that time of night. Rather than getting someone out of bed, ICT's advice was to contact the team by email to deal with the incident in the morning. A short while later, ICT rang back to clarify that the reporter, along with all other Imperial College users, could see the same confidential information that they could see and suddenly agreed that the complaint might be important enough to deal with immediately.
The confidential files that could be accessed included financial records, staff contracts and disciplinary information for both staff and students. The disciplinary folder in the Permanent Secretary's file included official warnings and invitations to disciplinary hearing panels. In other files marked "Casework - Sensitive" there were notes on individual students' academic complaints to the ICU Deputy President (Education and Welfare). There were numerous folders related to staffing, bar figures, finance and payroll.
At the time of publication, access was slowly being removed from the folders to prevent sensitive information from being divulged. Live! wonders how much other information in College could be available to all users simply through mapping random network drives.
Editor's Note: Live! ensured that all information had been secured before publication. Access to all confidential and sensitive files in the Union Directory has now been removed.