Hackers Target Education, Student Lunch Is No Exception

Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about the Education industry and Education data breach. It provides brief summaries and links to articles and news across a spectrum of EdTech and cybercrime in Higher Education. Learn about the specifics of a bug bounty hacker job and how hackers target education.

The Hunger Games 2.0? Hacker compromised students’ data to destroy his lunch-serving business competitor

Vice on May 8, 2019

Data breaches in the education sector seem a commonplace in the news feed nowadays. Hackers target education and this fact does not surprise anybody. Still, when we were reading about this noteworthy incident that had violated the data privacy of San Francisco Bay Area students, we raised our eyebrows.

Keith Wesley Cosbey, the Chief Financial Officer of Choicelunch providing lunches to Bay Area Students, chose an original method of taking down his competitor. The 40-year-old attacker hacked the website of The LunchMaster that caters Northern California schools and got access to the customer database containing everything from students’ grades to their meal preferences as well as food allergies. After that, he sent this information to the Department of Education to illustrate the incompetence of LunchMasters in protecting students’ privacy.

Probably, the government reaction was unexpecting for Cosbey – the Department of Education reported the data breach to LunchMaster so that the company immediately started the investigation.

Now Cosbey is facing charges of identity theft and unauthorized computer access and can spend the next three years in prison. We suppose the malefactor would not like to investigate what kinds of meals are served there.

When openness is the key: Verizon 2019 Data Breach Investigation Report

EdScoop on May 10, 2019

Speaking about education, Malcolm Forbes, an American entrepreneur and a publisher of Forbes magazine, founded by his father B. C. Forbes, stated, “The purpose of education is to replace an empty mind with an open one”.

Although the statement is truly inspiring, when it comes to students’ privacy and data protection, the openness of the education industry is a great security challenge.

According to Verizon 2019 Data Breach Investigation Report, the range of cyber threats, education sector faces every day, is incredibly wide – from software vulnerabilities to cryptojacking and phishing campaigns. Nevertheless, human error is still the main cause of 35% of data breaches in the last year.

Gabe Bassett, an information security data scientist for Verizon emphasizes that different kinds of data, including personal information and intellectual property, attract more interest of malefactors. He also said, “education has to balance their security need with flexibility.” Therefore, if hackers target education, is openness always a suitable key?

Biometrics in K-12 to institutions: two sides of the same coin

EdTech Magazine on May 7, 2019

Nowadays biometric technology is an ordinary practice for K-12 institutions. The implementation of iris scans and the “facial fingerprints” technology allows IT specialists to achieve various purposes: to control the access to buildings and labs, track students’ attendance, manage different kinds of payments, and even ensure students get on the right buses.

Nevertheless, despite the obvious advantages and security benefits of biometrics, some organizations are yet to implement the technology out of concern for data privacy.

Much of the data that schools retain is considered “directory information.” That’s information such as students’ names, physical addresses, email addresses and other records. The chain of custody for that data, and what happens with it, isn’t always clear — especially when educational technology companies are bought and sold.

Rachael Stickland, co-chair of the Parent Coalition for Student Privacy

Bug bounty career: how companies can employ ethical hacker?

Tech Native on May 9, 2019

Last week we mentioned that a bug bounty hacker career, popular among digital natives, is more achievable than you may think – nearly 80% of hackers prefer online resources and blogs as their primary source to upgrade the professional experience. Now it is time for employers. Where to find an ethical hacker?

• Bug bounty scheme is the most common method: any member of the public can find out the vulnerability and get a chance to earn a bounty.
• Using crowdsourcing and paying incentives allows hackers to showcase their skills and experience, while the hiring organization gains new dimensions of security perspectives.
• Hiring hackers direct. However, companies should carefully investigate the previous career of a potential worker as employing an ex-cybercriminal is a risky decision.

Fish morning, ladies and gentlemen.
How do you find the bug bounty?