Why Munich schools are becoming a target for hackers
IT security in many primary and secondary schools in Munich is inadequate. The Bavarian Teachers’ Association is pushing for improved equipment, while the City of Munich is working on a changeover.
Problem with the outdated web mail application
The web mail application Horde, which is used by many primary and secondary schools in Munich, has not received any updates since June 2020. According to IT security expert Florian Hansemann from HanseSecure, the fact that no updates have been carried out in three and a half years poses considerable risks: “This is extremely outdated software with a very high probability of security vulnerabilities, so hackers could have an easy time of it!” Hansemann goes on to emphasize that the software is generally no longer updated and has reached its so-called ‘end of life’.
How might our children’s data end up on the darknet?
Sensitive data of children and young people is processed in e-mail exchanges between primary and secondary schools.
Florian Hansemann says: “If hackers now capture this data, they could, for example, commit identity theft, pretend to be a child, take over personal data and find out addresses, which could lead to stalking.”
Such issues are of great importance. IT security experts explain that it is not uncommon for children’s and young people’s data to appear on relevant hacker sites on the darknet.
The German Federal Office for Information Security (BSI) also warns of open vulnerabilities: “Vulnerabilities in office applications and other programs are still one of the main targets for cyber attacks.”
City of Munich plans improvements
The City of Munich is responsible for IT security at Bavarian schools and is planning improvements. However, the city does not specify a precise timetable for the completion of these improvements.
Teachers as IT managers?
Another problem is that designated experts are not always responsible for IT security in schools. According to the “Recommendations for IT equipment in schools for 2023 and 2024” from the Bavarian Ministry of Education and Cultural Affairs, teachers are allowed to carry out technical IT administration to a limited extent. Hans Rottbauer from the Teachers’ Association takes a critical view of this and calls for schools to be adequately staffed with IT specialists.
Bavarian data protection officer examines the case
Munich-based lawyer Marc Maisch considers the use of the outdated web mailer to be a clear violation of the General Data Protection Regulation, which stipulates the use of modern technologies. Based on BR’s research, Maisch has submitted a complaint to the data protection officer, which is currently being processed.”
Conclusion
Children’s data must be better protected!
Gundolf Kiefer, spokesperson for the Bavarian Parents’ Association and Professor of Computer Engineering at Augsburg University of Applied Sciences, criticizes the use of outdated web mailers at schools. He emphasizes the importance of data security and the special protection that the General Data Protection Regulation (GDPR) provides for the data of minors. Kiefer underlines the need to seriously consider the follow-up costs and security aspects of IT equipment in schools and the importance of qualified IT staff.
