
An elite school in Hong Kong has launched an investigation after its information system was hacked and a student’s record of rule violations modified.
The Education Bureau confirmed the incident at Queen’s College – the city’s oldest government secondary school – in Causeway Bay, adding that the school was handling the matter and had promptly informed all stakeholders.
“The Education Bureau has reminded the school to handle the situation in accordance with the relevant guidelines, and the school has already initiated an investigation into the incident,” a spokesman said, adding it would provide appropriate advice and support.
Queen’s College sent an email to teachers, students and parents on Saturday highlighting a recent security incident in the school’s information system.
An unauthorised individual had accessed an eClass account and modified the violation records of a student under different teachers’ names, resulting in discrepancies between the disciplinary actions and the actual circumstances.
The email said the school was deeply concerned about the incident, and the information and technology department was conducting a thorough investigation. The school said it would also implement additional measures to prevent similar incidents from happening again.
The locally developed all-in-one platform eClass, which has more than 800 institutional users, enables schools to oversee teaching and learning, administrative responsibilities and communication tasks.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, urged teachers who used eClass to enable two-factor authentication for online security.
“There is a two-factor authentication option available for teachers who use eClass. The second layer of authentication can eliminate the risk of individuals attempting to guess the password,” Fong said.
“It is also essential for them to establish a timeout feature, whereby the system automatically logs out after a specified period. Some teachers may access the system in locations like the school computer lab or library. Implementing a logout timer can further mitigate the risk of unauthorised individuals using the same computer to make changes.”
The Office of the Privacy Commissioner for Personal Data said it had not received any notifications from the school and would reach out for more information.