Feb 182018
 

Patrick Cloonan reports:

Officials in the Purchase Line School District are looking to avoid a repeat of a recent case of theft by deception that targeted the district’s emails and approximately 100 of its vendors.

[…]

Their move is the latest in a series of steps taken since Jan. 31 when, as described by Superintendent Joseph A. Bradley, “our district was the victim of a email spoofing attack by an individual pretending to be a school district employee.”

No arrest has been reported in connection with the incident.

Read more on Indiana Gazette, although it’s a frustratingly vague report. What information was stolen by deception? Was this a W-2 phishing attack?  The district was not immediately available to respond to an inquiry emailed to it by this site.

Feb 152018
 

Joelle Kovach reports:

The agency that co-ordinates busing for schools in the Peterborough area has arranged for a security audit after it accidentally allowed public access to a database of student contact and busing information through social media.

Joel Sloggett, CAO of Student Transportation Services of Central Ontario (STSCO), said Wednesday that the personal information of five students – including addresses and dates of birth – was breached after a posting was made to the agency’s Facebook and Twitter accounts last week.

Read more on The Peterborough Examiner.

Feb 152018
 

Joe Johnson reports:

A University of Georgia student is facing 80 felony counts for allegedly hacking into a professor’s computer to change his grades.

Michael Lamon Williams, 21, was booked into the Clarke County Jail Wednesday on nine counts of computer trespass and 71 counts of computer forgery.

Williams, a student of UGA’s Terry College of Business, was working for Enterprise Information Technology Services when he “abused his privileges as an employee and changed grades to benefit himself,” said Greg Trevor, UGA’s executive director for media communications.

“The university is conducting a comprehensive review of its practices to make the necessary improvements to prevent this from reoccurring,” Trevor said.

Read more on OnlineAthens.

This time, students’ records left behind

 Posted by at 7:08 pm  Education Sector, Exposure, Lost or Missing, Paper, U.S.  Comments Off on This time, students’ records left behind
Feb 132018
 

Barb Ickes writes:

The 6-year-old’s psychological assessment is marked “confidential,” yet, there it is in my inbox.

I didn’t read it. Finding it in my email felt wrong enough.

But I understand what Jim Ziebell was doing. He was offering an example of the records that were left behind at a former school in Lost Nation, Iowa. He was proving the records are of a sensitive nature and could have ominous consequences if disclosed.

Ziebell bought the school in 2016 from the late Joe Seng — an Iowa state senator and well-known Davenport veterinarian who died later that year. Seng bought it from the Midland School District, which closed it in 2012, according to real estate records. For whatever reason, the school evidently became a collection point for student records from throughout the Midland district. Ziebell said he has birth certificates, Social Security numbers and “everything else” for about 100 students.

Read more on Quad-City Times.

Education Department Toughens Tone on Cyber and Threatens to Pull Funding for Non-Compliance

 Posted by at 6:32 pm  Commentaries and Analyses, Education Sector, Of Note  Comments Off on Education Department Toughens Tone on Cyber and Threatens to Pull Funding for Non-Compliance
Feb 132018
 

Sara A. Arrow and Craig A. Newman

Recently-issued guidance from the U.S. Department of Education (ED) threatens to “yank” Title IV funding for post-secondary institutions lacking appropriate data security safeguards. The guidance comes as the risk of educational data breaches has intensified, as we have previously reported. The stakes are even higher now that ED has put Title IV recipients on notice that, beginning in fiscal year 2018, they may be subject to compliance audits regarding their data security programs.

Read more on Patterson Belknap Data Security Law Blog.