Oxford Uni Student Data Breached Through Career Platform
Oxford University student data has been breached once again, this time through a career platform compromise, leaving records exposed. The incident is a separate attack from a break-in that occurred just last month.
#DataBreach #OxfordUni #StudentData #CareerPlatform #EmergingThreats
Ransomware Gang Targets Canvas, Exposes Student Data Risks
A ransomware gang claimed to have stolen data from 275 million students, teachers, and staff, but Instructure, the company behind Canvas, says it's reached a deal with the hackers and has digital proof that the data has been destroyed. But can we really trust that the threat has passed?
#Ransomware #Shinyhunters #Canvas #EducationSector #StudentData
"Agreement:" reached in ShinyHunter's breach of Infrastructure's Canvas LMS .... the cybercrime gang returned the stolen data (which includes usernames, email addresses, course names, enrollment information, and messages) and provided shred logs confirming its destruction.
While not confirmed, it looks like a ransom payment was made. A webinar on May 13 may provide more details. https://www.instructure.com/incident_update #Breach #Hackers #ShinyHunters #Infrastructure #CanvasLMS #LMS #StudentData #DataPrivacy #Ransom #RansomWare #CyberCrime
Access to Registry Data
I was shocked to read in the news of the case of a lecturer at University College Dublin who has been charged with offences relating to unlawfully access of students’ personal information and use of that information to harass students. According to news reports, over 100 students were affected by these actions.
The case is still before the courts so it would not be appropriate to comment any further on it, but I hope it sets alarm bells ringing in universities everywhere about access to student information. University registry systems store personal data on each student, from home addresses and telephone numbers to photographs and confidential medical records. It has always worried me that a determined hacker could have access to very sensitive information they could use for nefarious purposes.
Higher education institutions do take data security very seriously. In the UCD case mentioned above the person concerned is alleged to have used some sort of malware to read student passwords and access personal data that way. That in itself is a criminal offence, quite apart from what this lecturer may have done with the information subsequently.
On the other hand, it does concern me greatly how much information about students may be routinely accessible by teaching staff without needing to do anything unlawful. For example, I can see no reason for lecturers to be able to access home addresses and private telephone numbers of students. The university needs to hold that information, of course, but I can see no legitimate purpose for individual lecturers to have access to it. Access to such data should be strictly limited to departmental administrators or other carefully selected staff, for use in very specific situations (e.g. emergencies). Otherwise a student database may become a stalker’s paradise.
I hope universities in Ireland and elsewhere will be sufficiently worried about this case that they will review not only the defence of their systems against unlawful access from outside, but also their policies on who inside the institution is actually allowed access to what data and why. The more people who can obtain this data, the greater the risk to students.
#DataSecurity #Harassment #StudentData #UniversityCollegeDublin
EdTech provider Illuminate Education has settled with the FTC after allegations that legacy vulnerabilities, outdated credentials, and delayed notifications contributed to a 2021 breach that exposed data from 10.1M students.
What safeguards should be mandatory for vendors handling children’s data today?
Follow @technadu for more independent InfoSec coverage.
#CyberSecurity #EdTech #FTC #StudentData #DataPrivacy #Infosec #CyberStandards #RiskManagement
🚨 PowerSchool Hacker Sentenced: 4 Years for 62M Student Data Breach
Matthew D. Lane, 19, hacked PowerSchool, stole sensitive info, demanded ransom, and now faces 4 years in prison with $14M restitution & $25K fine.
💬 How should K-12 platforms secure sensitive student and teacher data? Comment & follow @technadu for expert cybersecurity coverage.
#CyberSecurity #DataBreach #K12Security #PowerSchool #StudentData #Ransomware #Infosec #DigitalSafety #TechNadu #CyberCrime
Analyst207
BGDon 🇨🇦 🇺🇸 👨💻
Global News Okanagan
The-14
In the Dark
DysruptionHub
TechNadu
agile