CVE-2026-2247: HIGH-severity SQL injection in Clickedu SaaS (all versions). Attackers can exploit 'id_alu' in report card URLs to access sensitive data. Persistent session tokens increase risk. Prioritize mitigation! https://radar.offseq.com/threat/cve-2026-2247-cwe-89-improper-neutralization-of-sp-b8f5f03e #OffSeq #SQLi #InfoSec #EduSec

The Case for Making EdTech Companies Liable Under FERPA | TechPolicy.Press

Congress should amend FERPA to hold EdTech vendors, rather than the schools, directly responsible for vendor compliance, Lavanya Sathyamurthy writes.

Tech Policy Press

"Manassas City Public Schools (MCPS) are closed on Monday due to a cybersecurity incident that has led to connectivity disruptions and phone outages across the school system, officials said.

Dr. Kevin Newman, MCPS superintendent, said in a post on Facebook on Sunday that all MCPS schools will be closed on Monday, November 10, as a precautionary measure to ensure the safety and security of students, teachers, and staff. The school campuses are not at risk, he said."

https://wjla.com/news/local/virginia-prince-william-county-manassas-city-public-schools-close-on-monday-due-to-cyberattack-cyber-security-hack-hackers-threat-kevin-newman-mcps

@douglevin @funnymonkey @mkeierleber

#EduSec #cybersecurity #databreach

Manassas City Public Schools close on Monday due to cyberattack

Manassas City Public Schools are closed on Monday due to a cybersecurity incident that has led to connectivity disruptions and phone outages across the system.

WJLA

Breaking Up With Edtech Is Hard to Do

Shedding old edtech is a real pain, district experts say. Worse, student privacy may be at risk.

EdSurge

Entities rush to declare that data hasn't been stolen/they haven't been hacked. They often wind up looking like liars or just more incompetent when the hacker starts dumping or leaking data as proof.

This week's example: U. of Pennsylvania, which quickly declared they hadn't been hacked and it was just a vulgar email sent out. The hacker seems to have proved otherwise.

https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-hacker-claims-1.2-million-donor-data-breach/

#EduSec #databreach #cybersecurity #UPenn

Penn hacker claims to have stolen 1.2 million donor records in data breach

A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents.

BleepingComputer

Two years after an audit highlighted significant concerns, the North Salem Central School District in New York is still leaving sensitive student data at risk.

When I read audits and follow-ups like these, I wonder whether the parents of the students in the district are aware of these reports at all. Maybe local #PTAs should be forwarding copies of these reports to parents and asking the district why more hasn't been done to implement recommendations made years ago.

https://www.osc.ny.gov/local-government/audits/school-district/2025/09/26/north-salem-central-school-district-audit-follow-2022m-140-f

And yes, some of you will remind me to have empathy for school districts and understaffed IT personnel. But if we don't want to see any Kido Schools breach here, we'd better start demanding more security and tolerating fewer explanations for inadequate security of student data.

@douglevin @funnymonkey @mkeierleber

#edusec #infosecurity

Earlier today, Matthew Lane, the 19-year-old from Massachusetts who confessed to hacking a telecom and #PowerSchool, was sentenced to 4 years in prison, 3 years supervised release after that, $14M in restitution, and forfeiture of $160k.

#EduSec #cybersecurity #ShinyHunters #G0retrance #databreach

NEW by me:

In a few days, the PowerSchool hacker will learn his sentence, and his life as he has known it will end.

Was he a kid who could have been a "white hat" with just a little encouragement? Are we missing opportunities with some kids?

https://databreaches.net/2025/10/11/in-a-few-days-the-powerschool-hacker-will-learn-his-sentence-and-his-life-as-he-has-known-it-will-end/

#databreach #EduSec

@douglevin @funnymonkey @brett

In a few days, the PowerSchool hacker will learn his sentence, and his life as he has known it will end. – DataBreaches.Net

In November 2021, when "g0retrance" defaced the website of the Massachusetts Interscholastic Athletic Association (MIAA) with a message saying "PWNED," the hack

DataBreaches.Net

PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom – DataBreaches.Net

As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many oth

DataBreaches.Net