Connect with us

Hi, what are you looking for?

Tech & Science

Student data exposed in education software hack

Schools, universities and education providers are prime targets due to the vast quantities of personal data.

Mongolian pupils go back to school and end long education exile
Mongolian children have returned to the classroom after along a Covid-shutout - Copyright AFP/File Byambasuren BYAMBA-OCHIR
Mongolian children have returned to the classroom after along a Covid-shutout - Copyright AFP/File Byambasuren BYAMBA-OCHIR

A recent cybersecurity issue has affected a major education software company called SmarterSelect, which is based in the U.S. The exposure leaked personal data of 1.2 million students (from the period November 2020 to September 21, 2021). The incident was reported by TechCrunch.

The incident occurred because of a misconfigured Google Cloud Storage bucket, as detected by the cybersecurity company UpGuard. The type of data leaked included Social Security numbers, proof of COVID-19 vaccinations and descriptions of hardships. In all, 1.5 terabytes of data were exposed. Schools, universities and education providers are prime targets due to the vast quantities of these types of data.

According to Greg Pollock, UpGuard’s vice president of cyber research: “We talked about PII — this is 500 words of deeply personal identifiable information. Sometimes you may need to demonstrate hardship, so you need you and your parents’ financial statements.

At present, it is uncertain if malicious actors have been able to take advantage of the flaw to access personal data.

Looking into the issue for Digital Journal is I wanted to offer expert insight from Keith Neilson, Technical Evangelist at CloudSphere.

According to Neilson the fact that education is a sector that is firmly within the target of malicious actors means that institutions need to take proactive action to stem the cybersecurity risks.

Neilson recommends: “Educational institutions must take a comprehensive approach to cyber asset management to avoid inadvertently exposing the highly personal information of their applicants, students and staff. This includes having visibility into how their data is managed and protected in vendor and partner environments as well.”

In particular, there are important things to avoid doing. Neilson suggests: “Leaving databases exposed without even basic password protection is an all-too-common cause of data leaks but can be avoided.” By addressing these issues then the risks of cyber-incidences reduce. Neilson recommends that: “Organizations must take inventory of the cyber assets hosted within their IT environments and consider leveraging a cyber asset management platform providing holistic, real-time observability to ensure proper security guardrails are in place, at all times.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

Boris Johnson's own MPs say they will rebel against the government's new coronavirus restrictions - Copyright UK PARLIAMENT/AFP JESSICA TAYLORFighting for his political life,...

World

Any statistician will tell you that the real problem with stats is getting them right and drawing the proper inferences.

World

Airlines across the world, including the long-haul carrier Emirates, rushed Wednesday to cancel or change flights heading to the U.S.

World

A Syrian doctor went on trial in Germany on Wednesday accused of crimes against humanity including torture and murder in his homeland.