Malaysia’s Ministry of Education suspended its online school examination analysis system (SAPS) last weekend due to an alleged security threat.
An anonymous email tip-off claimed that the portal was allegedly vulnerable to an attack called SQL Injection.
The breach would allow the attacker to retrieve student data stored on the site, which centralises examination results from the country’s different states. The system allows real-time access to students’ academic performance and aims to ease administration processes.
The site currently holds data from over 10,000 national primary and secondary schools.
The email alleged that 4.9 million student details, along with their parents’ identification card details were at risk.
There were also large attachments containing text files that appeared to be student records, according to The Star.
Education minister Dr Maszlee Malik apologised for the alarm caused by the issue and said the ministry has taken immediate action.
“As a precautionary measure, I have instructed the ministry to temporarily shut down the system,” he said in a statement. “At the same time, we are conducting an in-depth security analysis to identify weaknesses in our system and will take immediate action once we have a solution in place.”
All other ministry websites and applications are running as usual, Maszlee said.
In the long term, the ministry is looking to update its project and risk management process for their projects to prevent any security breaches, he added.