Sean Tassi reports: Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and…
Category: Education Sector
IL: Reinstated school district IT Director sues school board over breach response
In May, 2016, this site noted a breach report from Abingdon-Avon School District in Illinois. One month later, we noted a news report that their IT Director, identified at the time as Mark Rodgers (sic), had been arrested, although it wasn’t clear if the felony eavesdropping charges were directly related to the breach. Not reported…
A (Secondary) Education in Data Security
Christina Seda and Peter A. Nelson of Patterson Belknap write: On January 18, 2018, the New York State Education Department (“NYSED”) announced that one of its vendors, Questar Assessment, experienced a data breach resulting in the unauthorized disclosure of personal information from students in five different New York schools. While the data breach reportedly affected…
Columbia University grad arrested for using key logger software
Robert Abel reports: A Columbia University grad student was arrested for leaving key logger malware on USB sticks left throughout the campus. Bill Liang Lin Wu, 23 was arrested Thursday after he was caught on camera leaving the credential stealing devices on a host of university computers shared by 14 professors. Wu graduated last spring…
12 UNC employees’ personal information comprised in cybersecurity breach
Tommy Wood reports: The private information of 12 University of Northern Colorado employees was compromised last week after an “unknown person or group” accessed their profiles on Ursa, UNC’s online portal, according to a release from the university. Whoever is responsible for the breach tried to log in to the employees’ Ursa accounts, then used…
Access to Wisconsin schools data limited after tech team finds hacking risk
Annysa Johnson reports: Access to data maintained by the state’s Department of Public Instruction was limited Tuesday after the state’s technology staff found vulnerabilities in coding that could have opened the data sets to hackers if exploited. DPI spokesman Thomas McCarthy said there was no data breach. However, he said, technicians had to take down several…