Murdoch University named in ‘concerning’ data security report by Auditor-General
By Madura McCormack
Western Australia’s auditor-general, Colin Murphy, released a report today detailing concerns about the security of sensitive information stored by agencies.
Murdoch University was one of the seven agencies involved in the audit, which also includes Curtin University and the Legal Aid Commission of WA among others.
Murdoch University makes up 31 of the 115 failures logged in the report, seven of them extreme.
“Most concerning was that we continue to find weak controls in some basic, easy to fix areas such as passwords, patching and setting of user privileges,” says Mr. Murphy of the seven agencies.
Three of the university’s databases were tested, including Murdoch Finance, Murdoch Student Admin and Murdoch Human Resources.
Chart shows the number and severity of the findings per agency database. Source: Auditor-General report, 5 Nov.
At one unspecified agency, the auditors managed to compromise two accounts and browse highly confidential and sensitive records on individuals including minors, the report said.
The same process was performed a week later, only to find that appropriate action had not been taken by the agency.
The Auditor-General’s report also identified accounts at agencies with passwords such as ‘test’ and ‘password1’.
University response
In response to the findings presented to Murdoch University, the institute has ‘engaged the services of an independent technical consultant’, it says in the report.
“Some of the actions have been completed, including the acquisition of a comprehensive password management system,” Murdoch University said in the report.
“Many of the remaining actions require specialist technical skills which are being sought.”