From the Office of the New York State Comptroller, this follow-up report on the New York State Education Department shows ongoing concerns that have not been addressed at all or only addressed partially: Issued: November 13, 2018 Link to full audit report 2018-F-17 Purpose To determine the extent of implementation of the two recommendations included…
Category: Education Sector
The GDPR: When do schools need to report data breaches?
Luke Irwin reports: …. A major concern is the GDPR’s requirement that organisations report certain types of data breach to their supervisory authority within 72 hours of becoming aware of the incident. It’s one of the toughest rules to meet, but this blog provides you with all the details you need. Read more on IT Governance…
TN: Unauthorized users could have accessed private information of 7,700 people following ETSU breach
Jordan Moore reports: A data breach impacting employees at East Tennessee State University remains under investigation. University officials tell News Channel 11 that two unidentified employees clicked on a link in the phishing scam that was sent to their e-mail accounts. ETSU Spokesperson, Joe Smith, elaborated on that phishing scam e-mail Monday afternoon. Read more…
IE: University at centre of potential data breach after USB stick ‘goes missing’
Rachel Farrell reports: A leading university has experienced a potential data breach after a USB stick containing “confidential” details of up to 900 students went missing. NUI Galway, with a student population of over 18,000, confirmed in a statement on their website that the USB may have contained student names, their student numbers and exam…
NJ: Here, let me help you withdraw from all those pesky courses.
Andrew Kinney reports on a hack at Stevens Institute of Technology in New Jersey. Registration at Stevens is like high school sports. It involves waking up at seven in the morning to repeat mindless drills (furiously clicking through Web Self Services). It works with a class hierarchy — juniors trump sophomores who trump freshmen, with seniors…
WordPress GDPR plugin inadvertently exposed sites to hackers
Keumars Afifi-Sabet reports: Attackers have been exploiting a flaw in a WordPress GDPR-compliance plugin to hijack vulnerable websites and implement remote code execution. The flaw had been present in Wordfence’s GDPR Compliance plugin for at least four months and, ironically, allowed hackers to gain access to a site using the tool. Hackers could then execute any…