DataBreaches.Net


Is It Time for a Wall of Shame for the Education Sector?

Posted on February 11, 2015 by Dissent

Over the past few months, SLC Security has been noting a lot of malware and botnet activity in the education sector – problems, they say, that the entities often don’t acknowledge when SLC Security attempts to alert them to problems.

Yesterday, SLC Security wrote that they were seeing traffic from:

  1. New York University – Malicious Activity
  2. Princeton University – Malicious Activity
  3. University of Pennsylvania – Malicious Hacking Activity
  4. Carnegie Mellon University – Botnets and Compromised Systems

And they note:

While we have attempted to contact as many organizations as we can, we have noted that many have not acknowledged the activity even though some data has been seen on Darknet and some forums.

So while students, employees, and faculty may be at risk of ID theft or not know that their details are up for sale somewhere, universities ignore alerts from researchers, or maybe do a quick fix and then hope no one will publicly report that they’ve been breached? I’m not suggesting that the four universities named above have covered up any breaches, but am just speaking in general here.

Maybe SLC Security and other security researchers should create a public wall of shame for universities that don’t respond to notifications and/or don’t disclose. And if data are being leaked, what kinds of data are being found for sale on the Dark Web? They can insert a disclaimer that the source of the data on the Dark Web may not be from the currently observed problems, but that it’s up there and the public needs to know their data are up for sale so they can protect themselves. Just saying, “Hey, we’re seeing bad stuff” is not really helpful to those who may be at risk, even though I understand that commercial outfits would like organizations to actually hire them (in which case any transgressions might be shielded by a nondisclosure agreement or confidentiality).

A Wall of Shame might also serve other important agendas. It might increase public – and Congressional – awareness of the scope of problems in the education sector.

And then maybe – just maybe – Congress will pay more attention and we’ll get some laws that empower a federal agency to actually enforce data security in the education sector.

In the meantime, this blogger continues to believe that the FTC has the authority to enforce data security in the education sector for student financial information under the Safeguards Rule. It has never done so, however, despite this blogger and EPIC.org filing complementary complaints about the MCCCD breach that was reported extensively on this site.

I realize that not everyone is a fan of naming and shaming. So call it something other than “Wall of Shame,” but if personal, financial, or health information is being exposed and the organization doesn’t respond and/or disclose, shouldn’t someone share this information with the public?

 

Category: Commentaries and Analyses, Education Sector
