THE school exam analysis system has been temporarily shut down by the Education Ministry, which is investigating claims that it is vulnerable to attack by hackers.

The Star reported that it received an email tip-off saying the system’s weaknesses could be exploited by hackers to access “4.9 million student details, along with their parents’ MyKad numbers”.

Education Minister Dr Maszlee Malik said the system has been suspended and his ministry is investigating the claims.

The tip-off to the English daily said the system, introduced in July 2011 to centralise examination results nationwide, is vulnerable to an attack called “SQL Injection”.

It said such an attack allows hackers to retrieve data on students in some 10,000 national primary and secondary schools.

The report said attached with the email were text files showing what appeared to be student records.

The tip-off also said the system suffered other problems, such as passwords being stored in plain text, and that most users had simple passwords, like “1234567”.

The system is in place to measure students’ academic performance and enable better administration.

Teachers are required to key in students’ examination results, and parents have real-time access to the information.

“We are conducting an in-depth security analysis to identify weaknesses in our system, and we will take immediate action once we have a solution,” said Dr Maszlee.

He said in the long term, the ministry will update its project- and risk-management processes.

He said apart from the suspended system, all other functions on the website will run as usual.

“I appreciate everyone’s feedback and concern over the issue.”

CyberSecurity Malaysia president Dr Aswami Ariffin said in such a case, it is advisable for the system owner to conduct a web penetration test to uncover weaknesses and carry out a reconfiguration. – June 10, 2018.