Tag: breach

  • As Feds Crack Down on Huge Ed Tech Data Breach, Parents and Students Left Out – The 74

    As Feds Crack Down on Huge Ed Tech Data Breach, Parents and Students Left Out – The 74

    School (in)Security is our biweekly briefing on the latest school safety news, vetted by Mark KeierleberSubscribe here.

    The Federal Trade Commission announced this month plans to crack down on technology company Illuminate Education over a massive 2021 data breach. The move added to a long list of government actions against the firm since hackers broke into its systems and made off with the sensitive information of more than 10 million students.

    Three state attorneys general have also now imposed fines and security mandates on the company following allegations it misled customers about its cybersecurity safeguards and waited nearly two years to notify some school districts of the widespread data breach.

    The ones that haven’t made progress in their efforts to hold Illuminate accountable are parents and students.

    Their pursuit hit a wall in September when the Ninth Circuit Court of Appeals dismissed a federal lawsuit filed by the breach victims. The court, ruling on a case filed in California, found that the theft of their personal data — including grades, special education information and medical records — didn’t constitute a concrete harm.

    In the news

    Students walkout of East Mecklenburg High School in protest of U.S.Border Patrol operations targeting undocumented immigrants on Nov. 18 in Charlotte, North Carolina. (Getty Images)

    The latest in President Donald Trump’s immigration crackdown: In many cities across the country, from New Orleans to Minneapolis, resisting federal immigration enforcement means keeping kids in school. | The 74

    • Trump’s mass deportation effort has had a particularly damaging effect on the child care industry, which is heavily reliant on immigrant preschool teachers — most of them working in the U.S. legally — who have found themselves “wracked by anxiety over possible encounters with ICE.” | The Associated Press
    • ‘Culture of fear’: Immigrant students across the country have increasingly found themselves targets of bullying since the beginning of Trump’s second term, according to a new survey of high school principals. | The Guardian

    A Kansas middle school will no longer assign Chromebooks to each student: Computers have had “a wonderful place in education,” the school’s principal said. But schools have “simply immersed students too much in technology.” | KWCH

    A Florida middle school went into lockdown after an automated threat detection system was triggered by a clarinet. A student was walking in the hallway “holding a musical instrument as if it were a weapon.” | News6

    Sign-up for the School (in)Security newsletter.

    Get the most critical news and information about students’ rights, safety and well-being delivered straight to your inbox.

    ‘Got what he deserved’: A California teacher has filed a federal First Amendment lawsuit against her school after she was suspended for a Facebook post calling right-wing political activist and Turning Point USA founder Charlie Kirk a “propaganda-spewing racist misogynist” a day after he was murdered. | NBC News

    • In Florida, two teachers have filed separate First Amendment lawsuits after they were punished for social media posts critical of Kirk after his death. | First Coast News
    • Texas Gov. Gregg Abbott announced a partnership with Turning Point USA to create local chapters of the group at every high school campus in the state, vowing “meaningful disciplinary action” against any educators who stand in the way. | The Texas Tribune
    • Kirk’s wife, Erika Kirk, will field questions from “young evangelicals, prominent religious leaders and figures across the political spectrum” during a live town hall Saturday on CBS News moderated by its new editor-in-chief, Bari Weiss. | CBS News
    • ICYMI: The Trump administration’s First Amendment crackdown in the wake of the activist’s violent death has left student free speech on even shakier ground. | The 74
    Vice chair Robert Malone during a meeting of the CDC Advisory Committee on Immunization Practices on Dec. 5 (Getty Images)

    Following a shakeup in its ranks by vaccine skeptic and Health and Human Services Secretary Robert F. Kennedy Jr., a Centers for Disease Control and Prevention advisory committee voted to overturn a decades-long recommendation that newborn babies be immunized for hepatitis B — a policy credited with decimating the highly contagious virus in infants. | The 74

    • A measles outbreak in South Carolina schools is accelerating, with some unvaccinated students in a second 21-day quarantine since the beginning of the academic year. | NBC News  

    A photo that circulated online depicted California high school students lying in the shape of a swastika on the grass of a football field. Chaos ensued. | The Guardian

    ‘It feels nasty. It’s gross.’: Controversy has come to a head at a California high school after an adult film producer rented out the campus gym for a raunchy livestream. “The first thing I see is a full-grown adult, an adult man wearing a baby costume and being fed milk from a baby bottle,” one student observer noted. | NBC San Diego

    Two Texas teenagers allegedly conspired to carry out a school shooting at their high school but the plot was thwarted after classmates reported text messages with their plans to school police. “Don’t come to school on Monday,” one of the messages warned. | KHOU

    ICYMI @The74

    To Ease Civil Rights Backlog, McMahon Orders Back Staff She Tried to Fire

    A GOP push to limit public borrowing by graduate students could exclude many nursing students, as well as those training for several other professions. (Glenn Beil/Getty Images)

    Nurses, Social Workers Face ‘Bad Situation’ Under Proposed Loan Limits

    In New Mexico, Grandparents Caring for Grandkids Can Also Get Free Child Care Now(Co-published with The 19th)

    Emotional Support


    Did you use this article in your work?

    We’d love to hear how The 74’s reporting is helping educators, researchers, and policymakers. Tell us how

    Source link

  • L.A. Schools Telehealth Vendor Waited 8 Months to Report Breach – The 74

    L.A. Schools Telehealth Vendor Waited 8 Months to Report Breach – The 74

    School (in)Security is our biweekly briefing on the latest school safety news, vetted by Mark KeierleberSubscribe here.

    It’s another hot summer Friday and another day with news about a data breach — this one jeopardizing both student health and campus safety data.

    And once again, the development is unfolding in the country’s second-largest school district.

    Kokomo Solutions, which the Los Angeles district contracts with to provide telehealth services to students during the school day and to track campus safety threats, disclosed a data breach after it discovered an “unauthorized third party” on its computer network. The discovery happened in December 2024, but the notice to the California attorney general’s office wasn’t made until Aug. 5.  

    It’s the latest in a series of data privacy incidents affecting L.A. schools, including a high-profile 2022 ransomware attack exposing students’ sensitive mental health records and last year’s collapse of a much-lauded $6 million artificial intelligence chatbot project. 

    In the news

    Students at the center of Trump’s D.C. police takeover: In an unprecedented federal power grab, the Trump administration’s seizure of the D.C. police department and National Guard deployment is designed to target several vulnerable groups — including kids. | NPR

    • The move comes at a time when crime in the nation’s capital is on the decline. But a deep-dive from June explores how the district’s failure to prevent student absences has contributed to “the biggest youth crime surge in a generation.” | The Washington Post
    • Here’s what young people have to say about Trump’s D.C. takeover. | NBC 4
    • City police will roll out a youth-specific curfew Friday in the Navy Yard neighborhood. | Fox 5

    A new Ohio law requires school districts to implement basic cybersecurity measures in response to heightened cyberattacks. What the law doesn’t do, however, is provide any money to carry out the new mandate. | WBNS 

    News in Trump’s immigration crackdown: A federal judge in Minnesota has released from immigration detention a nursing 25-year-old mother, allowing her to return to her children as her case works its way through the court. | The Minnesota Star Tribune 

    • The Trump administration has revived one of its most controversial immigration policies from the president’s first term: Separating families. | The New York Times
    • Federal immigration officials quizzed an Idaho school resource officer about an unaccompanied migrant student, part of a broader national effort to conduct “welfare checks” on immigrant youth who came to the U.S. without their parents. | InvestigateWest
    • Leading Oklahoma Republican lawmakers have partnered with the Trump administration in a lawsuit challenging a state law allowing undocumented students to receive in-state college tuition. | InsideHigherEd
    • Los Angeles community members have organized to create protective perimeters around the city’s campuses after immigration agents reportedly drew their guns on a student outside a high school. | Los Angeles Times
      • The district announced new bus routes designed to improve student safety while commuting to school during heightened immigration enforcement. | NBC 4
    • The nonprofit Southwest Key, which for years has been the federal government’s largest provider of shelters for unaccompanied migrant children, has laid off thousands in Texas and Arizona after losing federal grants. The Trump administration dropped a lawsuit in March over allegations the nonprofit subjected migrant children to widespread sexual abuse. | ABC 15
    • A Texas court blocked the state attorney general’s request to depose and question a nun who leads Catholic Charities of the Rio Grande Valley, one of the largest migrant aid groups in the region. | The Texas Tribune
    Sign-up for the School (in)Security newsletter.

    Get the most critical news and information about students’ rights, safety and well-being delivered straight to your inbox.

    Microphone-equipped sensors installed in school bathrooms to crack down on student vaping could be hacked, researchers revealed, and turned into secret listening devices. | Wired

    ‘These are innocent children, sir’: New video of the delayed police response to the 2022 mass school shooting in Uvalde, Texas, shows the campus police chief attempting to negotiate with the gunman for more than 30 minutes. | The New York Times

    Kansas schools have become the latest target in the Trump administration’s campaign against districts that permit transgender students to participate in school athletics. | KCTV

    • The Loudoun County, Virginia, school board has refused to comply with an Education Department order to end a policy allowing transgender students to use restroom facilities that match their gender identity. | LoudounNow 
    • The Education Department’s Office for Civil Rights has opened an investigation into allegations the Baltimore school district ignored antisemetic harassment by students and educators. | The Baltimore Banner

    Lots of drills — little evidence: A congressionally mandated report finds that active shooter drills vary widely across the country — making it difficult to understand their effect on mental and emotional health. | National Academies of Sciences, Engineering, and Medicine

    A federal judge has blocked a new Arkansas law requiring that public schools display the Ten Commandments in all classrooms. It’s the second state Ten Commandments law to be halted this year. | Axios 

    ICYMI: I did a deep-dive into the far-right Christian nationalists behind more than two dozen state Ten Commandments-in-schools bills nationally — each of which are inherently identical. | The 74

    Is Texas up next? Civil rights groups will ask a judge on Friday to prevent a similar law from going into effect. | Houston Chronicle

    ICYMI @The74

    Despite Court Order, Education Department’s Civil Rights Staff Still On Leave

    ‘So Many Threats to Kids’: ICE Fear Grips Los Angeles at Start of New School Year

    Emotional Support

    Don’t sleep on this Bloomberg feature into “Doodlemania” — the billion-dollar industry for hypoallergenic (and floofy!) designer pups.


    Get stories like these delivered straight to your inbox. Sign up for The 74 Newsletter

    Source link

  • Data breach reporting lags in education, study finds

    Data breach reporting lags in education, study finds

    This audio is auto-generated. Please let us know if you have feedback.

    Dive Brief:

    • It took the education sector 4.8 months on average to report data breaches following ransomware attacks between 2018 and 2025, according to a report released last week by Comparitech.
    • Colleges and schools had the highest average reporting time for ransomware data breaches when compared to the business, government and healthcare sectors, Comparitech found in its analysis of over 2,600 U.S. ransomware attacks. 
    • At the same time, education companies — counted separately from colleges and schools — saw even higher reporting times at 6.3 months. Waiting months to disclose a data breach is dangerous, given that stolen data can be on the dark web before victims even know a breach happened, wrote the researchers for Comparitech, a cybersecurity and online privacy product review website.

    Dive Insight:

    Delayed reporting of data breaches comes at a time when schools and ed tech companies alike are grappling with the ongoing threat of ransomware attacks.

    Illustrating the prolonged response times for ransomware breaches, the latest Comparitech report pointed to Texas’ Alvin Independent School District confirming just this month that a June 2024 data breach impacted nearly 48,000 people. The data involved names, Social Security numbers, credit and debit card numbers, financial account information, medical and health insurance information, and state-issued IDs. 

    Organizations often wait to disclose a data breach because they are unsure if data was stolen following a ransomware attack until the hacker posts the stolen information on the dark web, Comparitech said. 

    “Data theft is a common component of ransomware attacks, so it’s not unreasonable for companies to assume hackers stole data, even if there isn’t any evidence to suggest data theft at first,” researchers wrote. “The worst thing to do is to jump to the conclusion that data hasn’t been stolen.”

    The FBI also advises against paying threat actors following a ransomware attack. If organizations pay a ransom, it still doesn’t guarantee any data will be recovered, the agency’s website states, adding that ransom payments can actually encourage more attacks.

    K-12 school districts have been especially concerned about a widespread breach of student and staff data across North America following a December 2024 ransomware attack on ed tech provider PowerSchool. 

    Though PowerSchool disclosed the cybersecurity incident about a week later, the company allegedly told districts not to worry about sensitive student and staff information being exposed. Five months later, however, PowerSchool publicly confirmed that, despite paying a ransom to threat actors, multiple school districts were being extorted with the same information stolen in the December incident.

    Since then, over 100 school districts — including Tennessee’s largest school system, Memphis-Shelby County Schools — have sued PowerSchool for negligence, breach of contract and false advertising.

    Source link

  • PowerSchool data breach leads to school extortion attempts

    PowerSchool data breach leads to school extortion attempts

    This audio is auto-generated. Please let us know if you have feedback.

    Dive Brief:

    • Threat actors are trying to extort some public schools by threatening them with teacher and student information stolen in a December 2024 data breach of PowerSchool’s Student Information System, according to recent statements from the ed tech software provider and the North Carolina Department of Public Instruction. 
    • PowerSchool confirmed on Wednesday that it paid a ransom to threat actors shortly after the Dec. 28, 2024, data breach. The company added that it believes the threat actors seeking ransoms from schools are using the same compromised data set from the December incident, which included student and staff names, contact information, some Social Security numbers, medical notes and a limited number of passwords. 
    • While PowerSchool’s December data breach appeared to impact a wide range of school districts across North America, a spokesperson on Friday told K-12 Dive that the threat actors have only contacted four school districts. Schools in locations ranging from North Carolina to Toronto began to report receiving such ransom threats this week. 

    Dive Insight:

    For years, the FBI has advised schools and other organizations not to pay ransomware demands, because doing so can embolden threat actors and there’s no guarantee that stolen data will be recovered.

    PowerSchool acknowledged in a Wednesday statement that it made a “very difficult decision” to pay a ransom after the December 2024 incident. The company said it thought paying a ransom was the best option for preventing the data from going public. 

    “In the days following our discovery of the December 2024 incident, we made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve,” PowerSchool said. “As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”

    A PowerSchool spokesperson said the company is not disclosing how much it paid to the threat actor. 

    Meanwhile in North Carolina, the state’s education department pointed out in a Wednesday statement that PowerSchool had assured its customers five months ago that the data compromised in the December 2024 data breach was not shared and had been destroyed. 

    “Unfortunately, that has proven to be incorrect,” the North Carolina Department of Public Instruction said. “PowerSchool is the party responsible for the breach. There is nothing NCDPI, school districts or individual schools could have done to prevent these violations.”

    The state education department added that it will not engage with the threat actors and that doing so would violate North Carolina law.

    Additionally, the department said the incident appears to be a global cybersecurity incident impacting customers in multiple states and Canada. An FBI investigation into the matter is ongoing, according to NCDPI.

    PowerSchool is working directly with the contacted schools and law enforcement, the company’s spokesperson said. The company is also providing free credit monitoring and identity protection services to students and staff. 

    Public pushback against PowerSchool since it announced the initial data breach in January has included multiple class action lawsuits. The company serves over 60 million students and 18,000 educational customers.

    The data breach occurred after a threat actor gained unauthorized access to an unknown amount of student and staff data by infiltrating the company’s PowerSource customer support portal for district and school staff. PowerSchool previously confirmed to K-12 Dive that the same system lacked multifactor authentication — a standard and encouraged practice for securing sensitive data.

    Source link

  • Data breach affects 10,000 Western Sydney University students – Campus Review

    Data breach affects 10,000 Western Sydney University students – Campus Review

    Students from Western Sydney University (WSU) have had their data accessed and likely posted to the dark web in a data breach event.

    Please login below to view content or subscribe now.

    Membership Login

    Source link