Lancaster Uni cordons off breached systems a week after thousands of folks' data pinched

Lancaster University has started withdrawing non-business-critical access to a breached student database – more than a week after the apparent hack took place. Following the breach, which affected somewhere between 12,000 and 20,000 people, the northwest England uni has begun pulling staff access to its LUSI (Lancaster …

  1. Sgt_Oddball
    Windows

    I always assumed...

    It's better to lock access to everyone bar the people you can see and slowly open back access to those you can trust and/or scream loudly in the event of a breach?

    Users tend to be more understanding when you explain why and that it's not permanent so long as you have legitimate need to access a system.

    Or maybe that's just me... (coming from someone who built a firewall rule that managed to block most of China from seeing my server at the time). That was a fun one to untangle.

  2. Anonymous Coward

    And every other Uni said...

    Thank f**k it wasn't us.

    1. Anonymous Coward

      Re: And every other Uni said...

      Yup, they certainly are.

      The two I've worked for, full access to the student database (incl current, past and present, and every bit of information they ever submitted or generated) was pretty much the default for all staff... regardless of role or need, and it could be accessed from anywhere on or off site.

      I always found it peculiar, but as with most things in the sector, there was no desire to change, even on recognition of an issue.

      Hopefully others will at least tighten things up now. No access until a specific need is shown, and then limited information to the role... mandatory TFA for anyone who requires access (Something I never saw used once during ten years in the HE sector). And I'm sure lots more... But it's not that these things can't be done, or those running the systems don't know how things should be done.

      It's a culture issue.

    2. anothercynic Silver badge

      Re: And every other Uni said...

      Until it *is* them... And they keep shtumm.

    3. ABT

      Re: And every other Uni said...

      Perhaps not every other. Police apparently also at York:

      https://www.minsterfm.com/news/local/2924294/online-hacker-targets-thousands-of-york-students/

      1. Alister

        Re: And every other Uni said...

        Oops...

  3. unautrenom

    LUSI online would be an access route to the LUSI system rather than the entire system. They haven't removed access for people, just restricted the ways it can be accessed.

  4. Anonymous Coward
    Facepalm

    Lancaster Uni cordons off breached systems a week after ..

    A clear case for the use of a hardware security dongle to access the system. And all records stored in an encrypted form at source. If I come across as slightly snarky in these posts, maybe it's because I sometimes feel like I'm stuck in a tech version of Groundhog Day.

    Studying Cyber Security MSc at Lancaster University

  5. Securitymoose

    And the university doesn't have an IT Department?

    With all the clever youngsters coming through the ranks, how on earth did the uni leave the doors open? Didn't the sys admins take a course in cyber security? Wait, what's this? https://www.lancaster.ac.uk/study/postgraduate/postgraduate-courses/cyber-security-msc/

    Time for the Chancellor to resign from 'Egg-on-Face' University perhaps?

  6. The Nazz

    LUSERS

    Lancaster University Student EnRolment System.

    The bit I find hard to believe is that 12,500 applied to go to LU. And pay, extortionately, for the privilege.
