Technologists stumbled across how an Elasticsearch database, used by the education company OneClass had been left unsecured. The data that was leaked contained some 27 GB of data, which represented some 8.9 million records. The records exposed included the full names of learners; together with email addresses, colleges, smartphone numbers, access account details and other data that could be traced to an individusal. OneClass is a venture capital-backed startup that enables students to collaborate and share study resources from self-created lecture notes.
Looking at this data loss for Digital Journal is Pulse Secure’s Product Marketing Manager, Rene Paap.
Paap says that multiple data loss issues have impacted on the educational sector over the past few years, such as Chegg (April, 2020) and Mathway (May, 2020).
Concerningly, with the high-profile data losses noted, the rate of attacks are rising. According to Papp’s analysis: “Malicious actors have escalated attacks against the education sector.” This has transmorphed “unsecured databases into serious threats, as the compromised information makes victims easier targets for phishing schemes.”
This means new measures need to be taken by digital education providers. Here Paap recommends: “Security controls across the edtech supply chain need to adapt to an expanded attack surface. As edtech companies adapt to the rapid increase in demand for online learning through cloud databases, they must be more vigilant on Zero Trust policy adherence.”
Outlining what is meant by the ‘Zero Trust’ approach: “The Zero Trust principle dictates that no connectivity is allowed until a user and their device is authenticated.”