Sara A. Arrow and Craig A. Newman Recently-issued guidance from the U.S. Department of Education (ED) threatens to “yank” Title IV funding for post-secondary institutions lacking appropriate data security safeguards. The guidance comes as the risk of educational data breaches has intensified, as we have previously reported. The stakes are even higher now that ED…
Category: Education Sector
KY: Livingston County Schools teachers, staff fear identity theft
Blake Stevens and Randall Barnes report: Many teachers, bus drivers, custodians, and other school staff in Livingston County fear their identities may have been stolen. Superintendent Victor Zimmerman apologized Monday night for unknowingly posting payroll information with social security numbers on the Livingston County school district’s website. The breach was part of an attachment for…
Ex-student suspect in Mississippi State University records tampering case
Therese Apel reports: According to Mississippi State University officials, one former student is the target of a search warrant in an investigation into university record tampering. MSU Chief Communications Officer Sid Salter told Logan Kirkland of the Starkville Daily News that the student graduated in December. The identity of the suspect and the nature of…
FBI Private Industry Notification warns schools about TheDarkOverlord
On January 31, 2018, the FBI released a Private Industry Notification (PIN) warning schools about the hacker(s) known as TheDarkOverlord. The information in the PIN was provided by the FBI and the Department of Education’s Office of the Inspector General, and it appears to be an expanded version of a prior alert to schools issued by…
What to Know About ED’s New Stance On Data Breach Reporting
Sean Tassi reports: Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and…
IL: Reinstated school district IT Director sues school board over breach response
In May, 2016, this site noted a breach report from Abingdon-Avon School District in Illinois. One month later, we noted a news report that their IT Director, identified at the time as Mark Rodgers (sic), had been arrested, although it wasn’t clear if the felony eavesdropping charges were directly related to the breach. Not reported…