Hackers Easily Can Reach Education Data Breach

March 12, 2019

Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about the Education industry and Education data breach. It provides brief summaries and links to articles and news across a spectrum of cybersecurity and tech development topics that are specific to the industry.

Once upon a time in a far southern Georgia land, there was the Thomas County School District. There was peace and serenity until hackers decided to steal the payment credentials of the district employees. Feel creepy? Hackers managed to breach three private US colleges last week. They accessed sensitive students’ data and required a ransom for the files.

Three US colleges were hacked for ransom

Inside Higher Ed on March 11, 2019

3:0 on the scoreboard, hackers are winning.

Hackers managed to breach three private US colleges last week. They accessed sensitive students’ data and required a ransom for the files.

Some applicants of Grinnell, Hamilton, and Oberlin Colleges received the emails, offering them an opportunity to buy their admission files, including comments made on them by admissions officers, ratings assigned to them, reports on interviews and in some cases the tentative decisions made on whether to admit them.

Guess the amount of ransom demanded? Attackers charged 1 BTC (nearly $3890) for this private data. While the investigation of the incidents is still ongoing, the colleges’ authorities strongly recommend not to respond to the emails. All three colleges use the services of Slate for handling applications and managing related documents. However, the vendor denies the guilt of education data breach.

Slate was not hacked. Rather, an unauthorized party used weaknesses in the password reset systems operated by three colleges to gain access to the campus resources – not just Slate – to which the user had access. We are not aware of any other colleges that have been similarly impacted.

Alexander Clark, CEO of TechnoSolutions

2FA saved credentials of the Georgia school district employees

EdScoop on March 6, 2019

Unlike the previous piece of news, this one reminds a fairytale with a classical happy end, but instead of a dragon, a princess, and a villain, there was a fearless cybersecurity system protecting the crucial data from hackers’ attacks and education data breach.

Once upon a time in a far southern Georgia land, there was the Thomas County School District. There was peace and serenity until hackers decided to steal the payment credentials of the district employees. Feel creepy?

Although your answer is probably a skeptical “no”, district officials experienced a range of emotions. On the 7th of February, hackers gained unauthorized access to the district computer storing private banking information that actually included the names, ID numbers, bank account, and routing numbers of the district staff.

Indeed, this story would not end happily unless two-factor authentication frustrated the malefactor’s attempt. The district stated in its breach notification that “protecting the security of our employees’ personal information is a top priority.”

Focusing on campus cybersecurity: three areas hackers prefer

EdTech Magazine on March 5, 2019

Have you ever counted how many devices you have? According to the Pew research center, 73% of the US adults have their own computers and more than 50% of respondents own tablets. It is no wonder that smartphones, laptops, watches, tablets, printers are convergent with the modern education experience.

Any college campus today has at least three personal devices for every student or faculty member. While gadgets are everywhere and the number of devices connected to the campus network constantly increases, the issue of education data breach is especially topical. Experts emphasized three common reasons, why university networks are the prime targets for cybercriminals. There are:

  1. Identity theft. Due to their inexperience, students often expose their financial data, using unsecured devices when creating or accessing accounts.
  2. Espionage. Universities are particularly vulnerable to this form of cyberattack, as they keep a great amount of personal information and valuable research.
  3. Notoriety. Sounds weird but nearly 11% of unauthorized attacks against universities were made “just for fun,” according to Verizon’s “2018 Data Breach Investigations Report.”

Actually, the landscape of education insecurity is much more diverse, so IT teams need to be ready for everything.



Bobby the Fish

Just to remind you, Bobby the Fish is our cybersecurity assistant who helps us to show ins and outs of data security in education from a different angle. Bobby could not ignore the incidents happened this week.

Fish morning, ladies and gentlemen.

To phish, or not to phish, that is the question… Of course, not to phish. If Sharkspeare had known that in the 21st century fish stocks would be so reduced, he would have forbidden fishing at all.

My man Anthony is so anxious today, he is going back and forth, talking about the incidents. Why has he forgotten to feed me? My granddaddy Fred told that, when winter comes, fish has to eat less. Thus, where is the ice?

Secretly, the only thing I am afraid of is Anthony’s cat. Speaking like Anthony, it is my global threat. And I need to mitigate it.

Where is Anthony? I am hungry.

Bobby the Fish

Contact us

NO SPAM.
WE RESPECT YOUR PRIVACY.
*Average response time is 6 hours
More on:
Admins (45) Audit (23) CISO (21) Defense (69) Education organization (64) Espionage (7) Fraud (14) Higher Ed (54) Incident response (20) IoT (17) IT leaders (35) K-12 (47) Ransomware (14) Risk management (25) Team (46) Technology (88) Threats (69)