Harvard Web site total hack is a cautionary tale

“Database losses and hacks can and do occur, often through human error, but the Harvard University hack apparently involves the complete site database – allegedly including hidden system files – being released,” comments Calum Macleod, European director of digital data protection specialist Cyber-Ark. “This is a potentially worse-case scenario for any IT director, as it means the complete site, right down to its root-and-branch structure and, presumably, all system files, can be downloaded and cloned by just about anyone on the Internet,” he adds. “Although it remains to be seen what Harvard’s IT department has to say about the site hack, it looks like the hackers got everything from the University’s servers, including information from the back office and system file data that is not normally accessible to the public,” he observes. “If the University had used a data encryption system on its most sensitive files, then this systematic site hack would probably not have occurred. The worst that could have happened is that the publicly-accessible web site could have been downloaded and distributed, which is no big deal for anyone.”