DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Tupelo schools impacted by Questar data breach

Posted on January 22, 2018 by Dissent

Daily Journal reports:

The Mississippi Education Department’s assessment vendor, Questar Assessment, Inc., reported today that 562 students in the Tupelo Public School District were impacted by the data breach the company discovered last week.

Questar’s preliminary analysis found that an unauthorized user viewed student assessment records between Dec. 31, 2017 and Jan. 1 from Tupelo Middle School, Tupelo High School and Jefferson County Junior High School.

Read more on Daily Journal.

From the Mississippi Department of Education  (h/t, Doug Levin)

MDE Announces Schools Affected by Questar Assessment Breach

JACKSON, Miss – The Mississippi Education Department’s (MDE) assessment vendor, Questar Assessment, Inc., reported today that 663 students in the Tupelo and Jefferson County school districts were affected by the data breach the company discovered last week. This represents a fraction (0.26%) of the to 258,501 computer-based test takers in spring and fall 2017. Questar had originally reported the breach related to tests administered in 2016.

Questar’s preliminary analysis found that an unauthorized user viewed student assessment records between December 31, 2017 and January 1, 2018, from Tupelo Middle School, Tupelo High School and Jefferson Junior High School. The unauthorized viewer gained access to student names, Mississippi student identification numbers, grade levels, teacher names and test results. One student record viewed contained demographic data.

Dr. Carey Wright, state superintendent of education, spoke personally to Questar President Steve Lazer to demand that Questar take immediate action to ensure no further data breaches occur. Lazer assured Wright that Questar is acting swiftly to ensure Mississippi’s data remains safe and secure.

“The MDE takes very seriously the confidentiality of student information, and any breach of our records will not be tolerated,” Wright said. “Even though this incident is isolated to a fraction of students, any type of breach is unacceptable, and we are holding Questar accountable to ensure this never happens again.”

Following the discovery of a similar breach in New York, Questar has closed the accounts of all former employees and has hired a third-party audit firm to perform a security audit of its systems.

The MDE is requiring Questar take immediate action including:

  • Use a third-party audit firm to conduct a security audit of Questar’s systems and security protocols, policies and procedures;
  • Submit a written corrective action plan to the MDE by January 29, 2018, detailing the actions Questar has taken and will take to ensure that this does not occur again in the future.
  • Force password resets;

The MDE does not share student addresses and social security numbers with Questar; and therefore, this information was not accessible.

Questar first notified the MDE about the breach on the afternoon of January 18, 2018. On January 19, 2018, Questar provided additional information, and earlier today, Questar provided the MDE with the names of the affected students and schools.

The MDE has notified the superintendents of the affected districts and will issue a letter to every student who were affected. The breakdown of schools and students affected is as follows:

School District # of Students Affected
Tupelo Middle School Tupelo School District 490
Tupelo High School Tupelo School District 72
Jefferson County Junior High School Jefferson County School District 101

Related posts:

  • New York State Education Department Announces Breach of Data Held by Vendor Questar
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • Audits of New York schools and the State Education Department reveal ongoing significant concerns
  • Mississippi State Ed Dept. says contractor failed to provide test results on time
Category: Education SectorSubcontractorU.S.

Post navigation

← Private info for hundreds of Kansas voters exposed by Florida
Health Data Breaches in 2017: The Year in Review →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.