Jan. 18 -State Education Department Announces Breach of Data Held by Vendor Questar The State Education Department’s grades 3-8 assessment vendor, Questar Assessment, Inc., experienced a data breach affecting a small number of students registered for computer-based testing (CBT) in spring 2017, Commissioner MaryEllen Elia announced today. Questar reported that its preliminary analysis shows 52…
Category: Education Sector
UT: Bored student hacks into Taylorsville High School system
Marcos Ortiz reports: A teen claimed boredom caused him to hack into a school’s computer network. It happened during last year’s school year at Taylorsville High School. But the case was recently unsealed by a judge. The 18-year-old who doesn’t want his name disclosed said he has not been charged with a crime but has been told…
University of Central Florida settles hacking case
There’s an update to the University of Central Florida breach that was first disclosed in early 2016. The Orlando Sentinel reports: The University of Central Florida has agreed to spend an additional $1 million annually to protect students’ and employees’ personal information, according to a legal settlement reached with former students in the wake of…
NC: Emotet malware compromised Rockingham County Schools servers after employees opened phishing emails
This report was published December 28, 2017, but I’m first seeing it today. Joe Dexter reports on the devastation Rockingham County Schools experienced after employees fell for a phishing email. The only good news, perhaps, was that personal information did not appear to have been acquired or exfiltrated: All it took was several downloads of…
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Montana State University Billings notifying students after laptop was stolen in November
Ugh. Another laptop was apparently stolen from an employee’s car. This one was from the education sector, but it contained some student health information and health insurance information. The incident was reported by Montana State University Billings to the Montana Attorney General’s Office on January 5, and letters are going out today to affected students….