Data breaches grow across UK education sector

IT Governance

A recent freedom of information request by chartered accountants UHY Hacker Young reveals a worrying rise in reported data breaches across the UK education sector. The high-profile GDPR (General Data Protection Regulation) mandates data breach reporting in many cases, and a lot of incidents have been reported since the Regulation came into force, but the numbers shared by the ICO (Information Commissioner’s Office) reveal a growing trend even before then.

Online education site EduCBA discloses data breach and reset customers? pwds

Security Affairs

The online education portal EduCBA discloses a data breach and is resetting customers’ passwords in response to the incident. Online education website EduCBA discloses a data breach, it has started notifying customers that in response to the incident it is resetting their passwords. EduCBA is a leading global provider of skill based education with 500,000+ members across 40+ Countries.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cloud computing provider Blackbaud paid a ransom after data breach

Security Affairs

Cloud software provider Blackbaud revealed to have paid crooks to decrypt its data following a ransomware attack that took place in May 2020. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.

Fixing Data Breaches Part 1: Education

Troy Hunt

We have a data breach problem. My full written testimony is in that link and it talks about many of the issue we face today and the impact data breaches have on identity verification. That was really our mandate - understanding the impact on how we verify ourselves - but I want to go back a step and focus on how we tackle data breaches themselves. Let's get started with one I raised multiple times whilst sitting in front of Congress - education.

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people , many Americans no doubt felt resigned and powerless to control their information. And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach.

Meal delivery service Home Chef discloses data breach

Security Affairs

Meal delivery service Home Chef has confirmed that it recently suffered a security breach that exposed its customer information. Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. million $1,200 Minted 5 million $2,500 Styleshare 6 million $2,700 Ggumim 2 million $1,300 Mindful 2 million $1,300 StarTribune 1 million $1,100 ChatBooks 15 million $3,500 The Chronicle Of Higher Education 3 million $1,500 Zoosk 30 million $500.

List of data breaches and cyber attacks in February 2020 – 623 million records breached

IT Governance

The 632,595,960 breached records accounts for about a third of January’s total, and is considerably lower than the figures for this time last year. Unfortunately, the number of breached records doesn’t tell the full story, as there were a whopping 105 incidents – making February 2020 the second leakiest month we’ve ever recorded. Ordinance Survey discovers breach of employee data (1,000). South Carolina-based United Health notifies patients of 2019 data breach (36).

Chegg discloses the third data breach in the last two years

Security Affairs

The American education technology firm Chegg discloses a security breach, it already sent notifications to its employees. The US education technology company Chegg discloses a security breach that took place in early April, the firm already sent notifications to its employees. The data breach notification sent on April 28 inform the employee of a security breach that impacted some of their personal information.

A 6-step guide to surviving data breaches

IT Governance

Any day during which you find out that you’ve been breached will be bad. Under the GDPR (General Data Protection Regulation) , organisations have 72 hours from the moment they become aware of a breach to report the incident. They can do this either by email or telephone, but it’s not as simple as saying “we’ve been breached”. Disclosing a breach promptly can save organisations a significant amount of money and enable those affected to secure compromised accounts.

Thinkful forces a password reset for all users after a data breach

Security Affairs

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The online education platform for developers Thinkful has suffered a data breach, just a few days after it has announced it would be acquired by the education tech firm Chegg for $80 million. ” reads the data breach notification sent by the company.

List of data breaches and cyber attacks in August 2020 – 36.6 million records breached

IT Governance

There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents. Data breaches. The post List of data breaches and cyber attacks in August 2020 – 36.6

How should you investigate a data breach?

IT Governance

Digital Guardian recently asked a group of cyber security experts what the most important step is following a data breach. This might seem counterproductive: with so much post-breach chaos, from isolating the incident and letting staff know what’s going on to getting back to work and notifying affected individuals, surely it’s a time to be looking forward, not backward. So how should you approach a data breach investigation?

54% of universities reported a data breach in the past year

IT Governance

A survey has found that 54% of UK universities reported a data breach to the ICO (Information Commissioner’s Office) in the past 12 months. The lack of investment in staff awareness training is particularly dangerous when you consider the amount of sensitive data that universities hold.

Personal data breaches in schools, to report or not to report?

IT Governance

Under the GDPR, all personal data breaches need to be recorded by the organisation and there should be a clear and defined process for doing so. In some circumstances, breaches also need reporting to the ICO (Information Commissioner’s Office) and within 72 hours of their discovery. In the third of our #BreachReady blogs for schools, we explore which typical school breaches need reporting. Understanding what constitutes a personal data breach.

The enemy within: three types of employees that cause data breaches

IT Governance

Negligent employees are the leading cause of data breaches at small and medium-sized businesses across North America and the UK, according to a recent study from Keeper Security. But his best isn’t good enough, because this year Ian singlehandedly caused a data breach that cost his company more than £20,000. In one fell swoop, the hacker gained access to all of Ian’s user data, including login credentials and company credit card numbers. Education is prevention.

Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Hunton Privacy

On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act. Expand the definition of a breach to include login credentials, meaning “a consumer’s user name or e-mail address, in combination with a password or an answer to a security question, that together permit access to an online account.” Student Data Privacy.

UEA suffers data breach blunder

IT Governance

The University of East Anglia (UEA) has suffered a data breach after an email containing sensitive medical information about a staff member was sent to about 300 students. This is the second breach in five months for UEA, both of which were reported to have been caused by human error. The steps that the university is taking have been imposed upon them by the Information Commissioner’s Office (ICO), and are in response to a breach earlier in the year. Educating staff.

2.6 billion records exposed in 2,308 disclosed data breaches in H1

Security Affairs

billion data records have been exposed in data breached in the first half of 2018. According to a new report titled “ Mid-Year 2018 Data Breach QuickView ” published by the cyber threat intelligence company Risk Based Security some 2.6. billion data records have been exposed in the first half of 2018. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information.

Melbourne professor quits after health department pressures her over data breach

The Guardian Data Protection

In 2016, Vanessa Teague, a cryptographer from the University of Melbourne, and two of her colleagues reported on a dataset , published on an open government data website by the federal government, of 2.5m Australian universities Melbourne Data protection Technology Australian education Australia news

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Hunton Privacy

The Italian Data Protection Authority ( Garante per la protezione dei dati personali , “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. Enforcement European Union Information Security International Data Breach Data Protection Authority Italy Personal Information

Prepare for a healthcare data breach this summer

IT Governance

You’ll no doubt be taking measures to protect yourself against sunburn, but don’t forget that your organisation needs to apply its own SPF (security protection factor) to protect itself from data breach damage. Data breaches can occur at any time, but organisations are particularly vulnerable during the summer holidays, when cyber criminals take advantage of lower staffing levels to launch malicious attacks. Data breach statistics.

Sign up for the new education sector email updates

IT Governance

To support the wider education sector with data protection and cyber security, we are launching a sector specific email newsletter and blog series. To sign-up, send us ideas of what you would like us to cover or questions for us to answer, please leave complete this form and choose education as your sector. More about our education sector products and services.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records. Granted, a big chunk of those come from a single incident – a mammoth breach involving a Chinese smart tech supplier – but as unimaginative football commentators say, ‘they all count’. Philadelphia Federal Credit Union confirms security breach (unknown). State-sponsored hackers breach Greece’s top-level domain registrar (unknown).

List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked

IT Governance

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total. which breached sixteen years’ worth of insurance data. That incident accounted for more than 60% of all of May’s breached records. Hackers steal card data from 201 online campus stores in US and Canada (unknown). Binance breached as hackers steal £38 million in bitcoin (unknown). Data breaches.

10 Steps for Data Breach Prevention in the Workplace

Archive Document Data Storage

UK businesses face unprecedented levels of data security threats. How are you protecting your corporate data? Here are ten steps for reducing your data breach exposure: 1. You can’t protect your data without knowing where it’s stored. Locate your document and data storage repositories. A team of dedicated indexing specialists will categorise and label your documents and data so you have a full account of your information.

Fixing Data Breaches Part 5: Penalties

Troy Hunt

In the first 4 parts of "Fixing Data Breaches", I highlighted education , data ownership and minimisation , the ease of disclosure and bug bounties as ways of addressing the problem. It was inevitable that we'd eventually end up talking about penalties though because the fact remains that although all the aforementioned recommendations make perfect sense, we're still faced with data breaches day in and day out from companies just not getting the message.

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

This week, I've been writing up my 5-part guide on "Fixing Data Breaches" On Monday I talked about the value of education ; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach , namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating with the appropriate respect. Fixing Data Breaches Security

Fixing Data Breaches Part 4: Bug Bounties

Troy Hunt

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education ; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws. The Economics of Breaches and Bug Bounties. Fixing Data Breaches Security

University fundraising under scrutiny after data breach allegations

The Guardian Data Protection

Information Commissioner to look at evidence of wealth screening of former students before approaches made for donations University fundraising is to be examined by the Information Commissioner after allegations emerged that the personal data of some alumni was being misused. Elizabeth Denham has committed to look at evidence which allegedly shows UK universities belonging to the Russell Group sent former students’ data to firms for wealth screening before approaching them for donations.

Inside CUNA's 'Stop The Data Breaches' Congressional Push


As we approach the 10th month of the year, it's clear that 2019's data breach statistics will once again be one for the record books. Congress to pass meaningful data security legislation. Last month, CUNA created ‘Stop the Data Breaches’ MAP campaign (member activation program) directed " credit unions to make Congress aware that there cannot be data privacy without data security."

Mapping the threat: an insight into data breaches across Europe

Thales eSecurity

According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. A significant amount of money to lose for any business, now the perils of a data breach just got a lot more serious. Fighting breaches with budgets. Data security

5 Ways to Protect Your Small Business from a Data Breach

Archive Document Data Storage

Small businesses are just as vulnerable to data breaches as big corporations. But for many small business owners, investing in breach prevention measures is an afterthought. In this blog, we offer five cost-effective strategies to protect your small business from a data breach. Negligent document disposal habits increase your organisation’s data breach exposure. It’s not just your online data that’s at risk. Educate Your Employees.

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? In part 2 of the series, I want to talk about data ownership and minimisation and this is all about reducing the impact on individuals and organisations alike when things do go wrong.

Key takeaways from the 2019 Verizon Data Breach Investigations Report

IT Governance

Verizon’s annual DBIR (Data Breach Investigations Report) is among the most valuable studies in the security industry, so the release of the 2019 edition this week is cause for celebration. Unfortunately, the reports don’t speculate on possible interpretations of the data, leaving that to independent experts. Financially-motivated social engineering attacks are behind 12% of all breaches analysed.

What have the ICO said about data breach?

Privacy and Cybersecurity Law

The ICO have been discussing data breach reporting under GDPR in a new webinar. Here are the key points: GDPR introduces mandatory breach reporting. This applies to accidental breaches and internal breaches – not just those that are deliberate or are about losing personal data externally. Don’t forget about integrity and availability breaches (e.g. Temporary loss of data, according to EDPB Guidance can be a personal data breach.

Records for 7.5 million users of the digital banking app Dave leaked online

Security Affairs

Digital banking app discloses a security breach after the known threat actor ShinyHunters leaked 7 million user records on a crime forum. According to ZDNet , the security breach originated on the network of a former business partner, Waydev.

List of data breaches and cyber attacks in September 2020 – 267 million records breached

IT Governance

The education sector accounted for 20 of the 102 publicly disclosed incidents listed this month – with the majority being ransomware. You can find our full list of publicly disclosed data breaches from September in this blog, with incidents affecting UK organisations listed in bold.

A Spate of University Breaches Highlight Email Threats in Higher Ed


Breach Web Security data breach Email Attacks graceland higher education oregon state Phishing southern missouri state UniversityStudents at Oregon State University, Graceland University and Southern Missouri State have all been impacted by email attacks against school employees.

4 of the 5 top causes of data breaches are because of human or process error

IT Governance

Although data breaches as a result of cyber attacks get all the press, it is often negligence or a lack of basic processes, policies and procedures that result in data breaches. The Information Commissioner’s Office (ICO) compiles quarterly statistics about the main causes of reported data security incidents. Data posted or faxed to incorrect recipient – 90 incidents. Data sent by email to incorrect recipient – 33 incidents.

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

Experts from data breach monitoring firm Under the Breach @underthebreach has shared some screenshots of the stolen data available for sale: Actor leaked the database of Tokopedia – a large Indonesian technology company specializing in e-commerce. ( @tokopedia ) – Hack occurred in March 2020 and affects 15,000,000 users though the hacker said there are many more. ZDNet confirmed the authenticity of the leaked data.