Hacker sent email with 1,200 partial social security numbers to school staff

 Posted by at 7:03 pm  Education Sector, Exposure, U.S.
Apr 222018
 

Karen Yi reports:

In the age of online shopping, computer hacks and data breaches, identity theft is not necessarily a shock. But, you’re probably not expecting to get an email listing portions of your colleagues’ social security numbers.

But, in the Irvington school district, that’s exactly what happened.

Partial social security numbers of more than 1,200 employees at Irvington schools were distributed via email on Monday to an unknown number of recipients, according to the school district.

Read more on NJ.com.

TN: County Schools Testing Disrupted By Suspected Hacking of Questar

 Posted by at 2:44 pm  Education Sector, Hack, Subcontractor
Apr 212018
 

Eugenia Estes reports:

Annual state-mandated assessment testing did not get off to the best start this week for many systems, including Greene County Schools, due to what is being investigated as a cyber attack on the company that handles online TN Ready testing for the state.

Although there were some disruptions to the testing for some students in Greene County Schools on Monday and Tuesday, testing did continue and students were able to finish their exams, according to Julia Lamons, data supervisor for the district.

Read the full report on Greenville Sun.

Regular readers may recall that Questar was mentioned on this site earlier this year when they had a breach that affected a number of schools in Mississippi and New York. Although it has not been confirmed that Questar was attacked this past week, from the reporting on the Greenville Sun, it does sound like it is likely.

Update:  So, it’s more than just Tennessee, it seems. I’m still getting caught up with news, but it appears that seven states may have been impacted, including New YorkSouth Dakota, Mississippi,  and Missouri. Two other states were not as “negatively affected.

So clearly there needs to be a deep investigation into what happened and how the vendor can prevent a recurrence of the problem.

Ca: Camp fYrefly notifies former participants, volunteers of data breach

 Posted by at 6:52 am  Education Sector, Insider, Non-U.S.
Apr 202018
 

Caley Ramsay reports:

Upwards of 700 former participants, volunteers and youth leaders of Camp fYrefly may have had their personal information compromised, according to the University of Alberta.

An internal investigation found a former employee with the for Sexual Minority Studies and Services (iSMSS) Camp fYrefly downloaded and shared personal information about some camp participants, volunteers, youth leaders and facilitators in violation of university policy, the U of A said in a media release on Thursday.

Read more on Global News.

Former student charged In cyber attack

 Posted by at 11:48 am  Education Sector, Hack, Insider, U.S.
Apr 192018
 

Fox47 reports:

An attack on Ingham Intermediate School District’s online network and the person police say is responsible was one of its own students. The incident happened in February 2017.

On Wednesday FOX 47’s Alani Letang learned more on that student, who now faces criminal charges after shutting down the district’s internet servers.

Police say 19-year old Brandon Barlett targeted the district in a ransomware attack. That attack didn’t put students or staff in danger but did affect the day to day operations of the school district.

“A couple hours in the morning a couple in the afternoon over a period of ten days is between 30-40 hours that the internet was down. The impact of teaching and learning of students and the productivity of our school employees,” said Scott Koenigsknecht- Ingham Intermediate School District Superintendent

Read more on Fox47.

TX: Victoria ISD notifies employees of breach involving their personal information

 Posted by at 7:57 pm  Education Sector, Hack, U.S.
Apr 182018
 

Let’s remember that k-12 school districts often maintain medical information on their employees, as this notification from Victoria Independent School District in Texas reminds us.

In this case, some employee email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees’ personal information, including “name, address, Social Security number, government-issued identification number, financial account information, and/or medical information.”  You can read the full notification, below.  The district offered those affected services with ID Experts:

victoria-independent-school-20180410
 Older Entries