DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Tupelo schools impacted by Questar data breach

Posted on January 22, 2018 by Dissent

Daily Journal reports:

The Mississippi Education Department’s assessment vendor, Questar Assessment, Inc., reported today that 562 students in the Tupelo Public School District were impacted by the data breach the company discovered last week.

Questar’s preliminary analysis found that an unauthorized user viewed student assessment records between Dec. 31, 2017 and Jan. 1 from Tupelo Middle School, Tupelo High School and Jefferson County Junior High School.

Read more on Daily Journal.

From the Mississippi Department of Education  (h/t, Doug Levin)

MDE Announces Schools Affected by Questar Assessment Breach

JACKSON, Miss – The Mississippi Education Department’s (MDE) assessment vendor, Questar Assessment, Inc., reported today that 663 students in the Tupelo and Jefferson County school districts were affected by the data breach the company discovered last week. This represents a fraction (0.26%) of the to 258,501 computer-based test takers in spring and fall 2017. Questar had originally reported the breach related to tests administered in 2016.

Questar’s preliminary analysis found that an unauthorized user viewed student assessment records between December 31, 2017 and January 1, 2018, from Tupelo Middle School, Tupelo High School and Jefferson Junior High School. The unauthorized viewer gained access to student names, Mississippi student identification numbers, grade levels, teacher names and test results. One student record viewed contained demographic data.

Dr. Carey Wright, state superintendent of education, spoke personally to Questar President Steve Lazer to demand that Questar take immediate action to ensure no further data breaches occur. Lazer assured Wright that Questar is acting swiftly to ensure Mississippi’s data remains safe and secure.

“The MDE takes very seriously the confidentiality of student information, and any breach of our records will not be tolerated,” Wright said. “Even though this incident is isolated to a fraction of students, any type of breach is unacceptable, and we are holding Questar accountable to ensure this never happens again.”

Following the discovery of a similar breach in New York, Questar has closed the accounts of all former employees and has hired a third-party audit firm to perform a security audit of its systems.

The MDE is requiring Questar take immediate action including:

  • Use a third-party audit firm to conduct a security audit of Questar’s systems and security protocols, policies and procedures;
  • Submit a written corrective action plan to the MDE by January 29, 2018, detailing the actions Questar has taken and will take to ensure that this does not occur again in the future.
  • Force password resets;

The MDE does not share student addresses and social security numbers with Questar; and therefore, this information was not accessible.

Questar first notified the MDE about the breach on the afternoon of January 18, 2018. On January 19, 2018, Questar provided additional information, and earlier today, Questar provided the MDE with the names of the affected students and schools.

The MDE has notified the superintendents of the affected districts and will issue a letter to every student who were affected. The breakdown of schools and students affected is as follows:

School District # of Students Affected
Tupelo Middle School Tupelo School District 490
Tupelo High School Tupelo School District 72
Jefferson County Junior High School Jefferson County School District 101

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • Audits of New York schools and the State Education Department reveal ongoing significant concerns
Category: Education SectorSubcontractorU.S.

Post navigation

← Private info for hundreds of Kansas voters exposed by Florida
Health Data Breaches in 2017: The Year in Review →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.