'Ethical Hacker:' Maricopa Community Colleges data still exposed - Hawaii News Now - KGMB and KHNL

ONLY ON CBS 5

'Ethical Hacker:' Maricopa Community Colleges data still exposed

Posted: Updated:

A student at Glendale Community College who says he's an ethical hacker believes the school district's computer system is still vulnerable.

'Chris,' who didn't want his identity revealed said he is one of the 2.5 million past and current Maricopa County Community Colleges (MCCCD) students who fell victim to the massive security breach. In late November, the school system announced personal information, including date of birth, social security numbers, bank account information and addresses were all exposed.

"I found vulnerabilities beforehand. And they dealt with getting into the database that has the entire enterprise," said Chris.

"I'm an ethical hacker, and I wanted to show them what they did wrong," he said.

Chris mentioned he first noticed an issue in July, when he spotted what he believed was a fake Facebook profile for Glendale Community College's president. He reached out to the account holder, and thought the person behind the account had gained information about the president by accessing the school's network. Glendale Community College is part of the MCCCD system.

"I told them about my finding and nobody really listened to me," said Chris.

Chris then started doing his own investigating, accessing holes in the school's server which he says allowed him to access personal student data.

"You can find their names, (and) their vitals. All of their information," he said.

Tom Gariepy, a spokesperson for the district said there is no record of Chris' July communication with the school; however, officials at the district are looking into a message they received last week from someone claiming to be an ethical hacker. It's unclear whether that person is also Chris.

"If he did (reach out to school officials), we'd want to look into it to find out why it is that nobody responded to it, if in fact nobody responded," said Gariepy.

Gariepy said officials have been working to fix all the security issues, and says it's an ongoing process.

"Is it safe to say that all of the issues that have led to this breach have been repaired?" asked CBS 5's Greg Argos.

"I don't know whether all of them have, but we've made a tremendous amount of progress over the past few months," responded Gariepy.

Chris isn't too sure.

"I believe that I could actually waltz in there and do it again," he said.

MCCCD officials said all 2.5 million people affected have been mailed letters which include an 800-number that can provide more information. The district has not emailed those affected. Gariepy says anyone who receives emails claiming to be from MCCCD should consider the emails suspicious.

Copyright2013 CBS 5 (KPHO BroadcastingCorporation). All rights reserved.