There’s an update to the University of Central Florida breach that was first disclosed in early 2016. The Orlando Sentinel reports: The University of Central Florida has agreed to spend an additional $1 million annually to protect students’ and employees’ personal information, according to a legal settlement reached with former students in the wake of…
Category: Education Sector
NC: Emotet malware compromised Rockingham County Schools servers after employees opened phishing emails
This report was published December 28, 2017, but I’m first seeing it today. Joe Dexter reports on the devastation Rockingham County Schools experienced after employees fell for a phishing email. The only good news, perhaps, was that personal information did not appear to have been acquired or exfiltrated: All it took was several downloads of…
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Montana State University Billings notifying students after laptop was stolen in November
Ugh. Another laptop was apparently stolen from an employee’s car. This one was from the education sector, but it contained some student health information and health insurance information. The incident was reported by Montana State University Billings to the Montana Attorney General’s Office on January 5, and letters are going out today to affected students….
Columbia Falls School District Number 6 notifies employees whose data may have been compromised by TheDarkOverlord
Interesting. The Columbia Falls School District Number 6 in Montana, who had been attacked by TheDarkOverlord, sent out notification letters and notified the Montana Attorney General’s office on January 5. In their submission to Montana, they note that the breach began September 1, and ended on November 13. In actuality, the November 13 date was…
Ca: Regina Public investigated after teacher breached students’ privacy
Here is the argument for more education and training. Ashley Martin reports: The Regina Public School Division is addressing policy gaps after a teacher uploaded more than 2,000 documents, many containing students’ information, to a public website. Some of the information was online for 15 months before the privacy breach was reported to the Office…