[ISN] 'Picky' thieves take only list of clients

From: InfoSec News (alerts@private)
Date: Sun Jan 06 2008 - 23:11:34 PST


http://newpaper.asia1.com.sg/news/story/0,4136,152386,00.html

By Karen Wong
Electric News
January 04, 2008

PICKY thieves have led one private education centre to believe that 
industrial espionage might be the motive for a recent break-in.

Early this week, three of the CES group's computers - containing the 
personal details and contacts of its 30,000 students - were stolen from 
its Eu Tong Sen Street office.

Surprisingly, 10 other computers in the same location, some of them 
newer than the stolen items, and other expensive equipment like scanners 
were left untouched.


BUSINESS REASONS?

The thieves' specific choices have led CES group chairman Desmond Lim, 
35, to suspect that they could have been looking for the information 
stored in these computers for business reasons.

'They could be potential customers for them,' he said of the students.

And the thieves seemed to know what they were doing. They took one 
computer from the administration room and the other two from the 
accounts department.

And while the computer stolen from the administration room might have 
been the oldest, it was also the only one with all the students' data, 
said Camford Business School principal Indra Padmakumara, 30, whose 
school is part of the CES group.

The other three computers in that room were not taken, she said. Nor 
were they tampered with.

The door to Mr Lim's room was forced open, although a brand new 
projector, a digital camera and a box full of coins, all lying within 
plain view, were not taken.

The CES Group has some 40 branches in Singapore and Malaysia, and its 
schools include those under the Camford, Cambridge Language School and 
Pusat Bahasa Titian Jaya banners.

Police are investigating the break-in, which happened sometime on Sunday 
night or Monday morning.

The theft was discovered by two of the school's operations and 
administration staff.

Miss Law Laiping, 20, said she and a colleague had locked up the 
premises on Sunday night. When they came to work at 9.35am on Monday, 
they noticed that the chain on the front door was missing.

They alerted a security guard and found the drawers in the 
administration room broken into and a computer missing.

Mr Lim said the group's main business since 1997 has been language 
schools, an increasingly competitive business. Its school here also 
offers business courses.

'It is very competitive here. And even more so in Malaysia,' said Mr 
Lim.

When pressed, he revealed that the group made about $80million in sales 
last year.

Most of its students are working adults from Malaysia and China.

Miss LM Chu, 25, a part-time student from China enrolled in the school's 
English course, is worried her personal details may fall into the wrong 
hands.

Police spokesman Lim Tung Li said investigations are on.

Ms Indra said the school has since installed a burglar alarm and is 
putting in a CCTV system.


Databases are kept confidential

SCHOOLS here treat student databases as highly confidential and keep 
them secure as they can be used by competitors to entice students away.

The chief operating officer of the Asian Centre for Professional 
Excellence, MrJurgen Rudolph, said: 'The student databases are saved in 
a secured network and only the IT personnel have control of the network.

'The student databases require a password for viewing, which only the 
administrator-in-charge can give.

'The server room used by the IT personnel is locked at all times and 
even internal staff members are prohibited from entering it unless they 
have proper authorisation.'

He said the student databases contain particulars of students in or 
applying to the school and competitors can use this information to 
entice students away.

When contacted, a spokesman for the SIM Group which runs SIM Global 
Education and SIM University, said: 'At SIM Group, we treat student 
records as highly confidential.


TIGHT SECURITY

'Strict processes and tight security policies are put in place to 
protect our student records.

'Our application systems and databases are stored in our data centre, 
which is a secured area accessible only to authorised staff.'

She added that online access to student records is given only to UniSIM 
or SIM operational staff directly in charge of the programmes, and hard 
copies are kept locked.

'Online access to systems such as the student portal are secured, so 
that students can only access their own records.'


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Sun Jan 06 2008 - 23:31:54 PST