Canvas LMS Faces Worldwide Disruption Amid Ransomware Attack

Canvas LMS is down globally due to a ransomware attack by ShinyHunters. Students face exam disruptions and data leak threats by May 12.

#CanvasLMS, #RansomwareAttack, #Cybersecurity, #StudentData, #EdTech

https://newsletter.tf/canvas-lms-down-ransomware-attack-students-affected/

Thousands of schools worldwide are affected as Canvas LMS goes offline due to a ransomware attack. Students cannot access course materials for final exams.

#CanvasLMS, #RansomwareAttack, #Cybersecurity, #StudentData, #EdTech
https://newsletter.tf/canvas-lms-down-ransomware-attack-students-affected/

Cyber Breach Casts Wide Shadow Over Victorian Schools, Exposing Student Data

Thousands of Victorian students' emails and encrypted passwords compromised in a major data breach affecting 1,700 government schools. Learn what data was taken and what happens next.

#VictorianSchools, #DataBreach, #StudentData, #CyberAttack, #VictoriaEducation

https://newsletter.tf/victorian-schools-student-data-breach-emails-passwords/

Personal data from 1,700 Victorian schools has been accessed, including student emails and encrypted passwords. This is a significant breach affecting thousands of students across the state.

#VictorianSchools, #DataBreach, #StudentData, #CyberAttack, #VictoriaEducation
https://newsletter.tf/victorian-schools-student-data-breach-emails-passwords/

Access to Registry Data

I was shocked to read in the news of the case of a lecturer at University College Dublin who has been charged with offences relating to unlawfully access of students’ personal information and use of that information to harass students. According to news reports, over 100 students were affected by these actions.

The case is still before the courts so it would not be appropriate to comment any further on it, but I hope it sets alarm bells ringing in universities everywhere about access to student information. University registry systems store personal data on each student, from home addresses and telephone numbers to photographs and confidential medical records. It has always worried me that a determined hacker could have access to very sensitive information they could use for nefarious purposes.

Higher education institutions do take data security very seriously. In the UCD case mentioned above the person concerned is alleged to have used some sort of malware to read student passwords and access personal data that way. That in itself is a criminal offence, quite apart from what this lecturer may have done with the information subsequently.

On the other hand, it does concern me greatly how much information about students may be routinely accessible by teaching staff without needing to do anything unlawful. For example, I can see no reason for lecturers to be able to access home addresses and private telephone numbers of students. The university needs to hold that information, of course, but I can see no legitimate purpose for individual lecturers to have access to it. Access to such data should be strictly limited to departmental administrators or other carefully selected staff, for use in very specific situations (e.g. emergencies). Otherwise a student database may become a stalker’s paradise.

I hope universities in Ireland and elsewhere will be sufficiently worried about this case that they will review not only the defence of their systems against unlawful access from outside, but also their policies on who inside the institution is actually allowed access to what data and why. The more people who can obtain this data, the greater the risk to students.

EdTech provider Illuminate Education has settled with the FTC after allegations that legacy vulnerabilities, outdated credentials, and delayed notifications contributed to a 2021 breach that exposed data from 10.1M students.

What safeguards should be mandatory for vendors handling children’s data today?

Follow @technadu for more independent InfoSec coverage.

#CyberSecurity #EdTech #FTC #StudentData #DataPrivacy #Infosec #CyberStandards #RiskManagement

🚨 PowerSchool Hacker Sentenced: 4 Years for 62M Student Data Breach
Matthew D. Lane, 19, hacked PowerSchool, stole sensitive info, demanded ransom, and now faces 4 years in prison with $14M restitution & $25K fine.

💬 How should K-12 platforms secure sensitive student and teacher data? Comment & follow @technadu for expert cybersecurity coverage.

#CyberSecurity #DataBreach #K12Security #PowerSchool #StudentData #Ransomware #Infosec #DigitalSafety #TechNadu #CyberCrime