Let’s remember that k-12 school districts often maintain medical information on their employees, as this notification from Victoria Independent School District in Texas reminds us. In this case, some employee email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees’ personal information, including “name, address, Social…
Category: Education Sector
Former University of Iowa student pleads guilty to grade-changing hacking scheme
Jordan Prochnow reports that Trevor Graves, the former University of Iowa student who had been charged with hacking the school’s network to change grades, was back in court on Monday to plead guilty. According to a plea agreement, Graves intentionally “caused the transmission of a command that caused damage and impairment to the integrity or…
Mount Ida students’ records shared without their permission
This may be more a matter for PogoWasRight.org than this site, so I’ll cross-post it over there. Laura Krantz reports: Students and parents at Mount Ida College say they are furious because the college shared their private records with UMass Dartmouth without their permission, amid a controversial plan to shut down the college and offer…
Florence school system gets first ever IT report
If you care about data security in k-12, read this news report by Lisa Singleton-Rickman of TimesDaily concerning an Alabama school district. I think it serves as a useful example of what we’re up against. Start with the fact that the state does not require any IT audits in k-12 districts. Don’t ask, don’t tell? But Florence…
Personal information of 1 million potential college applicants ‘exposed inadvertently’
Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
Mistake in Some Google Groups Permissions Left Sensitive Info Accessible to Boston College community
Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…