It is a “stealer” type campaign, these spyware specialized in data theft, which targeted the users of a high school of the Academy of Rennes and allowed fraudulent access. Here is the conclusion of the experts of the Ministry of higher education and research, transmitted to ZDNET.fr after the data leak that affected about sixty high school students, disclosed on a specialized forum on Sunday, July 23rd.
No flaw in Parcoursup
The investigations have indeed made it possible “to quickly rule out any form of intrusion and therefore a flaw in the Parcoursup information system”, contrary to the hacker’s allegations. According to Sylvie Retailleau’s ministry, the latter would in fact have managed to steal user password pairs allowing him to access the platform within the high school.
The hacker had claimed to have accessed one of the administration areas of Parcoursup and to have exported part of the user database. The file posted online, relating to about sixty students, disclosed a lot of personal information, including the identity and contact details of the candidate and his parents.
Complaint and notification to the Cnil
Result: the school finally filed a complaint with the Public Prosecutor and notified the incident to the Cnil. The students concerned have also been informed. This incident, “independent of the operation of Parcoursup”, specifies again the ministry, had “no repercussions” on their candidacy for a post-baccalaureate training.
Finally, the Ministry of higher education and Research reports that it has taken several computer security measures to avoid new malicious actions of this type. For example, encouraging users of the platform to “take simple measures to guarantee the integrity of their digital identity”, such as updating an antivirus or changing a password.