Justin Paine reports: While searching Shodan, I recently discovered an ElasticSearch database without any authentication. This database contained metadata related to a huge amount of emails. It was eventually confirmed that this server and the email metadata was controlled by a large university located in China. I would like to thank the university’s security team…
Category: Education Sector
Massive Security Flaw Detected on Baltimore County Schools’ Digital Platform, Exposing Highly Sensitive Information on Students and Staff Members
Ann Costantino reports: A massive security flaw has been detected that allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data on a Baltimore County Public Schools (BCPS) public facing website. The system’s BCPS One/Schoology platform, where students are able to access classes, grades and academic resources online, is…
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.
Australian National University data breach stretching back 19 years detected; Affects approximately 200,000
ABC in Australia reports: The Australian National University has been hit by a massive data hack, with unauthorised access to significant amounts of personal details dating back 19 years. A sophisticated operator accessed the ANU’s systems illegally in late 2018 but the breach was only detected two weeks ago, the university said in a statement….
MO: Data security breach affects thousands of students of Jefferson City Public Schools
A now-suspended employee of Jefferson City Public Schools transferred student files containing medical information and student identification numbers to a personal email account, the district said in a news release Wednesday. The district said it recently determined the employee transferred the files into a personal Gmail account, which is a violation of district policy. The…
Utah knew the company it picked to create standardized tests had a history of crashes and cyberattacks. It signed a $44 million contract with Questar anyway.
Courtney Tanner reports: In other states, the year-end tests were marked by glitches and cyberattacks and hourlong delays. One school district threw out its results because the software was so unreliable. In another, all of the students had to start over when the programming shut down and didn’t save their responses. Sensitive student data was…