Live!
Tue 19 Sep 2017
- The award-winning student news website of Imperial College

Know something you shouldn't? Tell us, using our quick, 100% anonymous tip-off form!

Live! - News

Open Access to Confidential Files

Jan 28 2009 00:10
Pandora
Live! tripped over some interesting breaches of security last night with open access to files and folders on the Union Directory.
Confidential Files Accessed on the Live! Editor's Account

The security of confidential information held in the Central Union has again been exposed as considerably lax after Live! has been able to access files and folders, many marked as 'In Confidence' or 'Sensitive' on the Union Directory. Live! discovered that the Directory could be mapped by any member of Imperial College with a valid login after access was already present on a number of Union Officer Accounts.

The reporter informed the Out of Hours ICT Service Desk of the vulnerability of the information but was told that they were 'not important enough' to lodge a complaint at that time of night. Rather than getting someone out of bed, ICT's advice was to contact the team by email to deal with the incident in the morning. A short while later, ICT rang back to clarify that the reporter, along with all other Imperial College users, could see the same confidential information that they could see and suddenly agreed that the complaint might be important enough to deal with immediately.

The confidential files that could be accessed included financial records, staff contracts and disciplinary information for both staff and students. The disciplinary folder in the Permanent Secretary's file included official warnings and invitations to disciplinary hearing panels. In other files marked "Casework - Sensitive" there were notes on individual students' academic complaints to the ICU Deputy President (Education and Welfare). There were numerous folders related to staffing, bar figures, finance and payroll.

At the time of publication access was slowly being removed from the folders to prevent sensitive information from being divulged. Live! wonders how much other information in College could be available to all users simply through mapping random network drives.

Editor's Note: Live! ensured that all information had been secured before publication. Access has now been removed to all confidential and sensitive files in the Union Directory.

Email this Article | Share on Facebook | Print this Article

Discussion about “Open Access to Confidential Files”

The comments below are unmoderated submissions by Live! readers. The Editor accepts no liability for their content, nor for any offence caused by them. Any complaints should be directed to the Editor.
1. ha   
Jan 28 2009 00:22
 

hahahahahaha

3. ...   
Jan 28 2009 10:18
 

It's not ICT's data so it really isn't their problem. The union have the power (and only they should have the power) to set the correct permissions on the files. So you want to blame someone blame the union for failing to protect their data.

4.  
Jan 28 2009 16:32
 

did Live! Editor find documents about project omega?

Jan 28 2009 19:49
 

"Permanent Secretary" ?!!

Who is the registered data controller? The Union or the College?

6. This post has been deleted.
Jan 28 2009 21:47
 
Jan 29 2009 13:08
 

Registered Data Controller is College; the notification for the Union is contained within the College's - Z5940050.

Jan 29 2009 13:41
 

Meh. The undergraduate office somehow managed to photocopy someone's exam transcripts onto the back pages of a set of lecture notes. Looks like I should never have told this place my real name.

9. Anon.   
Jan 29 2009 13:58
 

One of our sets of lecture nots had an email from the lecturer to a student embedded in the middle, complete with names and email addresses, etc. It was in EVERY copy of the lecture notes.

Jan 29 2009 17:12
 

There was never any concrete evidence of Project Omega. People shouldn't believe everything they hear in the union corridors.

Jan 29 2009 17:19
 

However, you can probably believe everything you hear in SAC.

Watch out for more on this story in felix tomorrow.

;o)

Add your comment:

If you can see this, something is broken (either with your browser, or with our system). Please leave the box below empty, or your comment will be considered to be spam.
Live!

See Also

  1. Snippets - 24/11/2008
    24 Nov 08 | Snippets
  2. Snippets - 11/11/2008
    11 Nov 08 | Snippets
  3. Coursework Feedback: Late and Useless
    18 Sep 08 | News

Live! Poll

How frequently would you like to see a CGCU magazine being published




Live!