LockBit has added White Settlement Independent School District in Texas to their leak site, with a proof pack that suggests that the threat actors were able to access — and may have exfiltrated — a lot of files. The listing was added yesterday. There is no notice on WSISD’s website that DataBreaches could find…
Category: Education Sector
Minneapolis Public Schools tap dances around telling parents and employees what really happened
The bar has been lowered. Which bar, you wonder? The bar for how low entities will sink rather than just saying they experienced a ransomware attack. Becky Z. Dernbach reports: Minneapolis Public Schools will open for in-person instruction as usual Monday, after a week of disruptions from “technical difficulties” and snow. In an email to…
Misconfiguration caused data breach affecting Stanford University PhD applicants
Sergiu Gatlan reports: Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics,…
L.A. Unified admits that at least 2,000 student records dumped after ransomware attack
Mark Keierleber’s article on The 74, noted on this blog yesterday and discussed by some of us on infosec.exchange, has apparently resulted in the district making some small admissions. Howard Blume reports: The Los Angeles Unified School District disclosed Wednesday that “approximately 2,000 student assessment records” were posted on the dark web as a result…
Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack
Mark Keierleber reports: Detailed and highly sensitive mental health records of hundreds — and likely thousands — of former Los Angeles students were published online after the city’s school district fell victim to a massive ransomware attack last year, an investigation by The 74 has revealed. The student psychological evaluations, published to a “dark web”…
Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition
Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher…