The University of Canterbury appear to have had the mother of all security breaches with all students being able to access any other students details, and even edit them!
This is not a minor problem, but almost the worst case scenario. Having 10,000 people able to access every account. This is like a bank giving all customers access to every account held at the bank. More than an apology is needed here.
A couple of people have got excited over whether The Press reporter broke the law by checking for him or herself that you could access other student’s accounts. I don’t think they did anything wrong because they were using a legitimate username and password. Anyone who changed someone else’s details though could be facing some legal problems.