Bracey Harris reports: Mississippi education officials were unable to say Friday how many students’ personal information might have been obtained in the wake of a data breach at Questar one of the state’s testing vendors. The Mississippi Department of Education said in a statement Friday that an unauthorized user accessed the information of two districts…
Category: Education Sector
New York State Education Department Announces Breach of Data Held by Vendor Questar
Jan. 18 -State Education Department Announces Breach of Data Held by Vendor Questar The State Education Department’s grades 3-8 assessment vendor, Questar Assessment, Inc., experienced a data breach affecting a small number of students registered for computer-based testing (CBT) in spring 2017, Commissioner MaryEllen Elia announced today. Questar reported that its preliminary analysis shows 52…
UT: Bored student hacks into Taylorsville High School system
Marcos Ortiz reports: A teen claimed boredom caused him to hack into a school’s computer network. It happened during last year’s school year at Taylorsville High School. But the case was recently unsealed by a judge. The 18-year-old who doesn’t want his name disclosed said he has not been charged with a crime but has been told…
University of Central Florida settles hacking case
There’s an update to the University of Central Florida breach that was first disclosed in early 2016. The Orlando Sentinel reports: The University of Central Florida has agreed to spend an additional $1 million annually to protect students’ and employees’ personal information, according to a legal settlement reached with former students in the wake of…
NC: Emotet malware compromised Rockingham County Schools servers after employees opened phishing emails
This report was published December 28, 2017, but I’m first seeing it today. Joe Dexter reports on the devastation Rockingham County Schools experienced after employees fell for a phishing email. The only good news, perhaps, was that personal information did not appear to have been acquired or exfiltrated: All it took was several downloads of…
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…