Hong Kong education authorities have urged schools to keep a closer watch on their computer systems for security breaches after hackers recently broke into a number of networks.
Of the nine schools involved in the cyberattack, the leakage of data – mainly personal information of pupils and staff – was found at four.
They were HKSKH Bishop Hall Secondary School, La Salle Primary School, Po Leung Kuk Ho Yuk Ching College and Islamic Kasim Tuet Memorial College.
The Education Bureau has asked the schools to report the incident to police and the privacy commissioner’s office.
The bureau outlined the breach, which was first detected in early November, and the responses to it in a paper to the Legislative Council education panel on Tuesday.
The incident concerned WebSAMS, or web-based school administrative and management system, which the government developed to allow electronic communication between institutions and the authorities.
The system enables each school to handle large amounts of data, including the personal details of students, parents and teachers. It also holds examination results, salaries and schools’ financial records.
At present, 988 schools use the application and individual institutions are responsible for the daily operation and management of their WebSAMS.
The hacking incident came to light last month after La Salle Primary School in Kowloon City reportedly fell victim to the breach. At the time, the bureau said at least eight schools were affected.
In the paper to lawmakers, the bureau said: “School technical support staff are reminded to review the server logs and access logs of all devices on a daily basis and be aware of any irregularities in the system, so that malicious attacks can be detected earlier to minimise the impact.”
But the bureau sought to distance itself from blame over the breach of the government system, saying it had detected irregularities in one school’s WebSAMS on November 8, and fixes were released in five days.
“[It was confirmed] that the system of the school was attacked but no data leakage was observed. Immediate actions were taken … to stop the attack and to protect the system from being affected. A new version of WebSAMS was released on November 13, 2019 with an urgent notice strongly advising all schools to update their WebSAMS to the new version as soon as possible,” the paper said.
Hacking computer systems in schools will not result in much financial gain. There is no credit card information in our systems
Teddy Tang, school principal
“The version update of WebSAMS is also carried out by individual schools and thus, updates of WebSAMS may not be done at the same time for all schools and versions that were in use by the schools recently being attacked were different.”
Hong Kong Association of the Heads of Secondary Schools chairman Teddy Tang Chun-keung believed hackers might hit networks at random.
“Hacking computer systems in schools will not result in much financial gain. There is no credit card information in our systems,” Tang said.
Tang, principal of Hong Kong Management Association K S Lo College, said his school had installed additional firewall software to protect its computer system.
This article Hong Kong schools urged to keep closer watch on computer systems after hacker attack on nine networks first appeared on South China Morning Post