One would think that the department that has sovereignty over the establishment and monitoring of school standards for our children’s education, might be a little bit smarter.
Acting CEO of NESA, Paul Daniell, said a thorough investigation into the unauthorised access of HSC results by a small number of students ahead of their official release has been completed.
‘The investigation found that up to six per cent of HSC students – less than 4,500 – may have been able to access their results early using an old URL.
Not a data breach or a hack
‘This was not a data breach or a hack. Students were able to access a hidden page of Students Online, which showed their own results only.
Following a thorough investigation, NESA found that students were not able to access information that did not relate to them personally and they could not view another student’s results.
NESA said there is no evidence that persons without credentials to access NESA’s systems (i.e. a student log on) could see these results at all or otherwise access the system.
While NESA cannot be certain of the exact number of students who accessed the unauthorised information, the systems recorded less than 4,500 unique page views of the relevant site page. This represents a maximum number of students who could have accessed the information but likely overstates the number, as the same individual accessing the page at different points in time or from different devices would be recorded multiple times.
A detailed technical assessment
Mr Daniell said NESA has since undertaken a detailed technical assessment and implemented a range of additional security measures, including removing out-of-date coding, to ensure this never happens again.
‘I would like to again offer my sincerest apologies to students for any distress this may have caused.’
