Yesterday, a listing appeared on a popular hacking forum offering data for sale that were reported to be from the US Department of Education (Ed.gov).
According to the listing, the leaked information includes: “ID, UserID, UserName, MobileNumber, LevelID, ConsumerID, Type, FeedBack, SubjectID, Subject, Replied, Token, Completed, Date, Updated, Deleted, and Origin”
DataBreaches contacted the seller, who is known to this site from previous activities, to ask about the actual source of the data. He responded promptly via private message: “The database is from the NAEP. It’s related to the National Report Card. The database is a feedback database from students to teachers or education providers about progress or questions in general.” He added that the data had been given to him by someone else, and might be months old, but he wasn’t certain.
NAEP is the National Assessment of Education Progress. The data in the sample does not seem to include any sensitive information or anything really usable for fraud or other nefarious purposes.
The seller said he is asking for an undisclosed amount in XMR.
DataBreaches did reach out through a third party yesterday to alert the U.S. Department of Education to the listing so they could investigate. It is not clear to DataBreaches at this point if the data are directly stored and secured by the U.S. Education Department or by some contractor. Either way, DataBreaches did not see these data listed as one of Ed.gov’s public datasets, so some entity may need to secure the data.