Gavan Reilly reports:
The University Observer can exclusively reveal major security flaws within the UCD [University College Dublin] Registry, which allow an individual to gain access to the detailed academic records of any UCD graduate.
UCD’s Student Desk supplied The University Observer with copies of full academic statements for two recent graduates, after this newspaper compiled two standard application forms impersonating the students whose grades were being sought.
The forms in question require only basic details relating to the student’s enrolment in UCD – all of which may be available on university notice boards, over Blackboard, or through social networking sites such as Facebook.
[…]
The news follows a significant breach of UCD’s data protection rules last year, where a spreadsheet containing the mobile and home phone numbers, email addresses and student numbers of almost five hundred students in the Quinn School of Business was posted to a public area of Blackboard.
A similar issue occurred two years ago when the School of History & Archives displayed a list of names and student numbers on a public notice board alongside a list of exam results which were referenced by student number. Such practices are believed to still be widespread in many schools throughout UCD.
Read more on The University Observer.