Exam analysis system shut down after report of security breach
Education Minister Maszlee Malik says an in-depth security analysis is being carried out, and risk management to be conducted in future.
PUTRAJAYA: The Education Ministry has temporarily shut down the school examination analysis computer system, Sistem Analisis Peperiksaan Sekolah, to investigate a claim of an attack on the system, Education Minister Dr Maszlee Malik said in a statement today.
He said SAPS had been suspended due to security concerns. “On behalf of the ministry, I apologise for any alarm caused, but I am personally looking into the issue and have taken immediate action,” Maszlee added.
He said the Education Ministry is currently analysing the claim which was sent to them yesterday.
An email had said the computer servers were vulnerable to an attack using SQL injection of its databases, which contain personal details of 4.9 million school children and their parents’ IC numbers.
“As a precautionary measure, I have instructed the ministry to temporarily shut down the system. At the same time we (Education Ministry) are conducting an in-depth security analysis to identify weaknesses in our system and will take immediate action once we have a solution in place,” Maszlee further said.
In the long term, he said the Education Ministry would also update project management and risk management process for all of its projects as issues like this could not continue to occur.
“Everything else including the Education Ministry’s websites and applications will be running as usual. I truly appreciate everyone’s feedback and concern over the issue,” he said.
Maszlee added that he strongly believed that public views were crucial in all matters pertaining to the ministry.
“We need continuous input from everyone as we work together to make the necessary reforms in the ministry,” he further said.
According to earlier media reports, an anonymous email has been circulated claiming that SAPS, which was introduced in July 2011 to centralise examination results from all states, is vulnerable to an attack called SQL Injection. The email alleged that personal details and parent’s MyKad numbers could be compromised.
The SAPS is used to measure the academic performance of pupils and enable better administration. Teachers are required to key in students examination and test results into this database, allowing parents to have real-time access to their children’s academic results.
Pitfalls of our education system
Stay current - Follow FMT on WhatsApp, Google news and Telegram