DataBreaches.Net


Is It Time for a Wall of Shame for the Education Sector?

Posted on February 11, 2015 by Dissent

Over the past few months, SLC Security has been noting a lot of malware and botnet activity in the education sector – problems, they say, that the entities often don’t acknowledge when SLC Security attempts to alert them to problems.

Yesterday, SLC Security wrote that they were seeing traffic from:

  1. New York University – Malicious Activity
  2. Princeton University – Malicious Activity
  3. University of Pennsylvania – Malicious Hacking Activity
  4. Carnegie Mellon University – Botnets and Compromised Systems

And they note:

While we have attempted to contact as many organizations as we can we have noted that many have not acknowledged the activity even though some data has been seen on Darknet and some forums.

So while students, employees, and faculty may be at risk of ID theft or not know that their details are up for sale somewhere, universities ignore alerts from researchers, or maybe do a quick fix and then hope no one will publicly report that they’ve been breached? I’m not suggesting that the four universities named above have covered up any breaches, but am just speaking in general here.

Maybe SLC Security and other security researchers should create a public wall of shame for universities that don’t respond to notifications and/or don’t disclose. And if data are being leaked, what kinds of data are being found for sale on the Dark Web? They can insert a disclaimer that the source of the data on the Dark Web may not be from the currently observed problems, but that it’s up there and the public needs to know their data are up for sale so they can protect themselves. Just saying, “Hey, we’re seeing bad stuff” is not really helpful to those who may be at risk, even though I understand that commercial outfits would like organizations to actually hire them (in which case any transgressions might be shielded by a nondisclosure agreement or confidentiality).

A Wall of Shame might also serve other important agendas. It might increase public – and Congressional – awareness of the scope of problems in the education sector.

And then maybe – just maybe – Congress will pay more attention and we’ll get some laws that empower a federal agency to actually enforce data security in the education sector.

In the meantime, this blogger continues to believe that the FTC has the authority to enforce data security in the education sector for student financial information under the Safeguards Rule. It has never done so, however, despite this blogger and EPIC.org filing complementary complaints about the MCCCD breach that was reported extensively on this site.

I realize that not everyone is a fan of naming and shaming. So call it something other than “Wall of Shame,” but if personal, financial, or health information is being exposed and the organization doesn’t respond and/or disclose, shouldn’t someone share this information with the public?

 

Category: Commentaries and Analyses, Education Sector
