Thursday, 30 August 2018
UCD Students’ Union uncovers major data breach by Student Leap Card (FIMAK)
UCD Students’ Union was forced to suspend the sale of Student Leap Cards after learning that students’ personal information was at risk of being abused.
UCD Students’ Union President, Barry Murphy, said:
‘Our students’ personal information is available to every Student Leap Card agent across the country. Each agent can see where you live, what you look like, your mobile number and your email. They can also print multiple Student Leap Cards with your identity on them without you providing any information to them at all. When you first register, all your information is immediately seen by all Leap Card agents. They can also search your personal information with your name or an identification number. This information remains readable to all agents, long after you have purchased a Student Leap Card. We have not been made aware of any policy on how long your information is kept for.
Let’s think about this. What can anyone do with that information?
If they like your picture, they can find you on Facebook. They will know where you live. They can steal your identity. They can sell your mobile number and email address to companies who will spam you. They can make and sell fake IDs with your face and name on them. All of this can be done without knowing which individual, from which agency, from which part of the country did it. There is no way of knowing if it is not an agent, if the system is hacked, considering there is a simple login password that can’t be changed.
As students, should we stand for this? Would Leap Card abuse the personal information of non-students like this? Should anyone?
UCDSU did not want to risk having the personal information of our student members abused. It is the role of our Union to protect the welfare of our members. We have actively engaged with FIMAK over a number of months to have this issue resolved before the start of term. As students across the country begin this semester, we need this serious data breach to be resolved immediately. We are continuing to work with the National Transport Authority to achieve this immediately.’