Apr 192019

Breaches that involve health data generally will cost you more. Asia Fields reports:

Washington State University learned a costly lesson after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Now, the university is going to have to pay even more.

In a settlement approved in King County Superior Court on Thursday, the university agreed to pay up to $4.7 million in cash reimbursements, attorneys fees and administrative expenses. On top of that, the university will pay for two years of credit monitoring and insurance services for up to 1,193,190 people, according to the settlement agreement.

Read more on Seattle Times.

Apr 132019

AP reports:

The first online election for student government at Berkeley High School became a lesson in more than democracy. Students also learned about vote fraud, hacking and digital privacy after a high school junior who was running for class president cast hundreds of fake online votes for himself.

As many as 2,400 students were eligible to vote by email in last month’s weeklong election. When a sudden surge in votes for one candidate started coming in the day before the election was to end, though, the school’s director of student activities, John Villavicencio, became suspicious.

Read more on Westport News.

So how much of this was facilitated by the way schools use Google and EdTech?  The reporter notes:

The cheating candidate, a junior making his second run for class president whose name was not released, had access to a list containing students’ names and ID numbers. Voting in the election, it turned out, was done using a Google form that could be accessed using Gmail accounts issued to students by the district, with a default password that includes each student ID number.

I wonder what other mischief or mayhem could be perpetrated with a default password system…..

Apr 122019

Sarah Elms reports:

A University of Toledo counselor accused of improperly disclosing a student’s personal health information has been fired.

University officials on Dec. 18, 2018, notified Mychail Scheramic that his employment would be terminated at close of business March 18. He was hired in 2017 as the university’s counseling center director and was paid an annual salary of $90,000.

A university spokesman on Friday would not discuss the circumstances surrounding Mr. Scheramic’s firing. A document in his personnel file classifies his separation from UT as an “involuntary termination” but does not provide further details about what prompted the firing.

Dallon Higgs, a student in UT’s physician assistant program, last month sued the university, Mr. Scheramic, and his wife, physician assistant program chairman Dr. Linda Speer, who remains employed at UT. A Blade reporter requested Mr. Scheramic’s personnel records from UT when the lawsuit was filed.

Read more on the Toledo Blade.

Apr 022019

WSB-TV reports:

Georgia Tech says more than a million people’s personal information may have been exposed after someone gained “unauthorized access” to a web application.

Officials said the breach impacts 1.3 million people, including “some current and former faculty, students, staff and student applicants.” They do not know what information was taken from the system, but it may include names, addresses, Social Security numbers and birth dates.

It’s a massive number considering the school’s current enrollment is just under 27,000 students plus faculty.

Read more on WSB.  And keep in mind that this is not Georgia Tech’s first breach.  If you search this site for “Georgia Tech,” you’ll find  a number of other incidents that have been noted on this site — and those are only the ones that I know about.  There could be more, and probably are more.