Student Records at Texas Women’s University Compromised
After discovering an online loophole that allowed him to access
student records, Texas Women’s University student Josh Ingram
thought he could use the loophole to change the recorded grades of
any student he wanted, the Denton Record-Chronicle reports (“TWU
Shuts Down, Secures Computer System After Student Finds Way to
Access Adviser Reports,” April 25, 2009).
But school officials say no one, including authorized users of the
student record system that Ingram breached, can change grades in the
system since any changes made in the university’s Degree Audit
Report System can’t be saved.
The online tool isn’t the university’s official record but a copy,
school administrators said, that allows students to track their
degree progress by viewing student grades and adviser reports.
Officials assured students that the incident didn’t leave students
vulnerable to identity theft.
“What we’re talking about is students’ names, grades, and courses,”
said Robert Placido, associate vice president of informational
technology services for the Texas school. “It [the system] doesn’t
do anything; you can’t save anything. I understand why the student
who found it thought you could change information, but you can’t.”
The loophole left the university’s record system, which is typically
accessible to only 803 authorized users, exposed to more than 12,000
unauthorized users, Placido said.
Placido said that as many as 28 unauthorized individuals had accessed
the system before the university could step in and shut down the
site, which took approximately four hours. The site has now been
secured and is back online, he said, and the issue has been fixed.
As part of securing the system and getting it back online, Placido
said, the university added harsh language to the adviser-access
section of the site, warning violators who misused the portal that
they could be prosecuted.
“We want everyone to understand their information is safe,” Placido
said. “The loophole in the system is now closed.”