Information security incident on CUSCS e-Learning Platform

 

The School of Continuing and Professional Studies (CUSCS) found on 3 June 2024 that its Moodle Learning Management System (Moodle) has been hacked.  The data concerned involves name, email address and student registration number (where appropriate) of 20,870 Moodle users who are staff, part-time instructors, students, graduates and some guest users.   CUSCS has already disabled the related login account and reset its password.  The Moodle has also been moved to another server and other security measures have been upgraded.   

 

The CUSCS Crisis Management Working Group has reported the incident to the University.  An external IT security consultant appointed by the University has investigated and observed that there was no large volume of outbound traffic and the data concerned was not found in the darkweb.  The incident has been reported to the Police and the Office of the Privacy Commissioner for Personal Data, and affected Moodle users are being informed.  The School will continue to examine and evaluate information security to prevent similar incidents from happening again, and will cooperate with the Office of the Privacy Commissioner for Personal Data on follow-up actions. 

 

CUSCS has set up a dedicated email account response@scs.cuhk.edu.hk to handle enquiries and is in the process of informing Moodle account holders involved by email. 

 

 

School of Continuing and Professional Studies
The Chinese University of Hong Kong
13 June 2024