KMOV reports: St. Louis Community College said it is investigating a possible breach of student information. The school says an email attachment containing personally identifiable information for 362 students was sent to a small number of other students. The attachment has names, email, ID numbers and home addresses of the 362 students. The school says…
Category: Education Sector
Regulatory Gap: Cybersecurity at K-12 Schools
Nicole Della Ragione and Leora F. Ardizzone report: While data breaches at Equifax, Yahoo, Anthem and Target have made the national news, data breaches at school districts are not as widely publicized. Schools are a treasure trove of children’s personally identifiable information (PII) (e.g., name, address, Social Security number) and protected health information (PHI), as…
Amazon Releases New Guidance on AWS and FERPA
Dian Schaffhauser reports: More than two years after issuing guidance on FERPA compliance and Amazon Web Services, Amazon has updated the whitepaper to lay out the company’s “shared responsibility model” and provide specific guidance on 24 different AWS services. The Family Educational Rights and Privacy Act, in general, calls for schools and agencies to “reasonably…
Former University of North Georgia employee accessed protected student data in Banner
Viktoria Capek-Grey reports: On Monday, Feb. 26, the University of North Georgia’s Office of University Relations emailed all students regarding improper access of Banner information in January. The email cautioned students that a former student employee inappropriately accessed information protected by FERPA (Family Educational Rights and Privacy Act), though it said there is no evidence…
California College of the Arts notifies people of stolen laptop
So I read the first sentence of the description of an incident reported by California College of the Arts, and wanted to just walk away: On Friday January 19, 2018, a College laptop used by an employee was stolen out of the employee’s vehicle. Why? WHY? WHY is this still happening? But I made myself…
Monticello Central School District victim of phishing attack
On January 12, the Monticello Central School District in New York notified the New Hampshire attorney General’s office that they were notifying two residents of a breach that occurred in November, 2017, as a result of a phishing attack. You can read the notification to those affected, below.