We checked if the university patched up some vulnerabilities reported by hackers last week

Jan 30, 2012 10:38 GMT  ·  By

Close to 100,000 students, faculty and staff members of the University of Hawaii will receive credit monitoring and fraud protection services for a period of two years after the educational institution admitted to a number of five data breaches.

The reputation of the University of Hawaii was stained by a lot of unfortunate situations that exposed both their students and their employees and oddly enough, not all the incidents involved hackers.

One of the breaches refers to a time when the personal information of faculty members was inadvertently posted online, exposing social security numbers, addresses, birth dates and educational data, SC Magazine reports.

Another incident occurred when hackers accessed the Manoa parking office server that contained sensitive information on 53,000 individuals, at the time, data from 200 credit cards being obtained by the attackers.

The largest settled class-action lawsuit Hawaii has ever seen caused a lot of waves, representatives of the University taking immediate measures to make sure that from now on security will not be neglected.

“The University of Hawaii engaged an expert external consultant to review its information security policies and practices across the university system, including all ten campuses, and is now actively implementing the recommendations as a system-wide security program," a spokeswoman told SC Magazine.

After hearing this news, a thought crossed our minds. We remembered that last week hackers from TeamHav0k identified a large number of university websites that contained cross-site scripting (XSS) and SQL injection vulnerabilities.

As it turns out, the University of Hawaii is taking security more seriously. The weaknesses were patched up soon after the hackers discovered them, which proves that not all website administrators lack the skill and willpower to secure their websites when a researcher or a hacker points out some flaws.