FIT College in Australia trains personal trainers. Unfortunately, their infosecurity wasn’t as fit as their trainers, it seems. The same hacker who hacked South West TAFE in Australia also claims to have hacked FIT and dumped a listing of their available databases on Pastebin yesterday.
“A lot more in this breach would have been achievable,” the hacker, who tweets as @ChrichirTheGod, informs DataBreaches.net. “I’m talking thousands of student records, and payment records, and more.”
Chrichir claims that he and @injekt_ had access to 5,000+ student records, and more than 6,000 payment records. The records, which Chrichir says they did not download, included names, e-mail and postal addresses, site passwords, account numbers with bank branch codes (BSBs), and credit card numbers with expiration dates and cvv codes.
“There was very little encryption,” he tells DataBreaches.net, claiming that all the student data was unencrypted and some payment information was also unencrypted.
When asked why he and @injekt_ seemed to be targeting AU schools, he responded:
We target vulnerable people. They need to better their security, that’s the bottom line. No bullshitting around, this is 2015. We need better security.
DataBreaches.net e-mailed FIT College to alert them to the hack earlier today and to request a statement, but has received no response as yet.
That colleges continue to fall prey to SQLi vulnerabilities and expose unencrypted personal and/or financial information is concerning. Colleges and unis in AU may want to take note that these hackers are out to make a point. Are your defenses ready?