Education Sector

Little Rock school district seeks cyberattack disclosure guidance

Arkansas Online reports: The Little Rock School District is continuing to seek an attorney general’s opinion on the legality of holding private school board meetings when reacting to a cyber- or ransomware attack on a district’s electronic information systems. Little Rock Superintendent Jermall Wright sent a lengthy letter in January to the attorney general’s...

Another Texas school district with a data breach? (UPDATED)

LockBit has added White Settlement Independent School District in Texas to their leak site, with a proof pack that suggests that the threat actors were able to access — and may have exfiltrated — a lot of files. The listing was added yesterday.   There is no notice on WSISD’s website that DataBreaches could...

Misconfiguration caused data breach affecting Stanford University PhD applicants

Sergiu Gatlan reports: Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of...

Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition

Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of...

Data Breach Reported At Mount Pleasant Central School District

Ben Crnic reports: A data breach may have exposed information related to some students at a school district in Northern Westchester. The breach was announced by Mount Pleasant Central School District Superintendent Peter Giarrizzo on Friday, Feb. 17, who said that several student email passwords may have been compromised by the incident. After the data...

Update to the Des Moines Public School ransomware attack

For some students in Des Moines, Iowa, the return to school after the winter holidays was soon interrupted by a cyberattack that resulted in classes being canceled. But as classes continued to be canceled, it became clearer that restoration and recovery would not be quick. By January 11, two days after the announcement of...