Education Sector | Office of Inadequate Security

WI: Hack of Cooperative Education Service Agency 10 web portal reveals faculty passwords

Breach Incidents, Education Sector, Hack, U.S. No Responses »

May 082013

WEAU reports:

A school district service agency says teachers’ passwords were hacked and Tuesday night it’s getting out the message to the people affected.

CESA 10′s administrator tells WEAU its old web portal where teachers registered for classes was hacked, and it’s now using a new site that is not affected.

CESA, which stands for Cooperative Education Service Agency, serves 29 school districts in our area.

It sent a statement to affected school personnel Tuesday evening. It says the information that was hacked is old, but did include passwords. While the information was old, CESA’s note asks teachers to change their passwords if they tend to use the same one for other things in their daily life.

WEAU was able to locate the hacker’s page, which appears to be from Africa. It claims it has e-mails and phone numbers as well as passwords for 8,000 people. WEAU is not listing the website’s address out of respect to the teachers listed.

SC:Personal data from 12,000 York Tech applicants may have been exposed

Education Sector, Exposure, U.S. No Responses »

May 072013

Don Worthington reports:

The names, Social Security numbers and driver’s license numbers of more than 12,000 online student applicants at York Technical College might have been exposed, school officials said Tuesday.

And it was one of the applicants who discovered the problem and brought it to the college’s attention.

[...]

York Tech President Greg Rutherford said the applicant who discovered the problem used a computer tool that would allow him to make changes to the online system and “potentially view data.”

The applicant contacted the college April 16 about the vulnerability.

Rutherford declined to release the person’s name, saying he was not a college employee or a current student. He said the person, who he identified as someone experienced in information technology, wants to come to York Tech to add to his computer certification, possibly this summer or fall.

Follow-up: How did a hacker get into UGA system?

Breach Incidents, Education Sector, Hack, Insider 2 Responses »

Apr 292013

Joe Johnson reports some of the follow-up on University of Georgia hack disclosed last year:

University of Georgia officials thought they may have been under attack from multiple hackers when the identities of thousands of employees and students went missing last fall.

But it turned out to be the work of a single person, a former UGA student, who used a proxy server that disguised the Internet Protocol address of his computer.

According to documents recently filed in Clarke County Superior Court, 26-year-old Charles Stapler Stell used a London-based website, Hidemyass.com, when breaking into UGA’s Identity Management System.

‘Glitch’ publishes private info of more than 100 Oakland Community College students

Breach Incidents, Education Sector, Exposure, U.S. 2 Responses »

Apr 242013

Diana Dillaber Murray reports that a “computer glitch” is being blamed for students’ information being exposed on the Internet:

Oakland Community College is investigating how personal information of more than 100 students in connection with student loans became available on the college website.

The information has been removed from the website and OCC officials are working with search engines to remove the information that was already stored on Google, said George Cartsonis, OCC spokesman.

[...]

Personal information such as social security numbers and addresses of 129 students went on the college website last Friday afternoon.

The information was removed from the college website as of 10 a.m. Monday, after one of the affected students notified OCC of the issue.

Read more on Oakland Press. It’s not clear to me that the data really first “went on the college website” on Friday. That just may be when it was noticed.

I wonder how they’re going to discipline “glitch” for this….

Eight years of data breaches in higher education

Breach Incidents, Commentaries and Analyses, Education Sector Comments Off

Apr 192013

Courtesy of Open-Site.org, used under Creative Commons License:

Click on image for larger version.

For more breaches from the education sector, including k-12 breaches, see DataLossDB.org.

Justice Institute employee sues ICBC for privacy breach that allegedly led to her vehicle torched, bullets fired at home

Breach Incidents, Business Sector, Education Sector, Insider, Non-U.S. Comments Off

Apr 192013

I had described it as what might be the worst – or one of the worst – breaches of 2011. An unnamed employee of the Insurance Corporation of British Columbia (ICBC) had allegedly accessed information on over 60 people and passed the information along to an unidentified man. At least 13 students associated with the college were subsequently victimized by the shooting/arson incidents.

Now Neal Hall reports that another lawsuit has been filed against ICBC by one of the victims.

Given that this came to light in September 2011, I’m mildly surprised that no criminal charges have as yet been filed in this case.

Older Entries