Thousands of Canterbury University students had their personal information exposed when online services were shut down leaving private records available to anyone with a user code and password last night.
Information such as IRD numbers, transcripts, results, outstanding payments, medical conditions, and personal addresses could all be easily accessed online and could be changed by system users, The Press newspaper reported today.
The university's information technology (IT) department shut down the webfront -- which is how people access the university online system -- shortly after 8pm.
University director of student administration Linda Roberts told the paper the university did not know what the problem was but could confirm it was within the university's system and not with external software providers.
IT director Michael Dewe said he was unsure when the system would be back up and running but an emergency meeting was to be held this morning to assess the situation and decide how to deal with it.
The university had installed a new online system late last year but there had not been any problems until now, he told the paper.
He was notified of the problem after The Press contacted the university yesterday afternoon but said other staff had been aware of the situation since early Sunday morning.
University summer school student and former University of Canterbury Students' Association (UCSA) vice-president Kyle Millar logged on to the university system on Saturday to check his results from summer school and ended up looking at more than two dozen other students' personal details, the paper reported.
"I could phone up student help or whatever and set up direct credit of their credit account into my bank account and thank-you very much -- and I'd have the information to confirm it all," Mr Millar said.
"The last thing we want is 1200 new students on campus rolling around in the information details of everyone else," he said.
Mr Dewe said by shutting the system down the university should be able to trace most corruptions to people's records through a back-up tape, but there would still need to be notification around campus urging people to check their personal details.
Mr Dewe said part of the problem was that it was enrolment time at the university, which meant thousands of students would be accessing the system at one time.
While the new system had been vigorously tested for security there was no way to prepare for 12,000 people using it during enrolment week, he said.
UCSA president Warren Poh said the biggest concern with the glitch was that students' details could have been changed.
Mr Poh said students should be able to expect their online details were kept private as with any bank or financial institution.
- NZPA
Student records left exposed after computer glitch
AdvertisementAdvertise with NZME.
