School and university data breach exposes details on thousands of students
There has been another major data breach. This one affects thousands of university and school students around the country.
Personal information on the students was exposed when a popular education company’s database was breached in November 2018. In December 2018, the personal information of 500,000 students and staffers in one California school district was stolen by hackers.
We’ll take a look at what kind of data was exposed in the breach. We also have information on whether the data is being misused.
Textbook company targeted in massive hack
The data breach hit Pearson, a British company that produces educational tools including textbooks and digital textbooks. The story was first reported by the Wall Street Journal.
Although the company operates around the world, the data breach affected mostly students in the U.S. The accounts of more than 13,000 schools and universities were exposed.
First and last names, email addresses and dates of birth were taken during the hack. The company says no Social Security numbers, credit card numbers or any other financial information was accessed by hackers.
The actual number of students affected by the hack is unknown but it is certainly in the hundreds of thousands. The information-security officer for one school district in Nevada said data from 114,000 students enrolled between 2001 and 2016 were affected in the breach.
The breach took place in November of 2018. The FBI notified Pearson about the breach in March. The hack breached Pearson’s AIMSweb 1.0 system, which monitors the reading and math skills of students from pre-school to high school.
Pearson said the company is phasing out the hacked system. The decision to remove the system was made before the breach occurred.
No evidence student data is being misused
If there is any good news in this latest corporate data breach is that there has been no sign that the students’ data has been misused. In addition, the FBI believes the company was not the intended target of the hack.
Because no sensitive financial data was taken, Pearson is characterizing its impact as low risk. Just in case though, the school is offering families free credit monitoring tools.
“We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability,” Pearson spokesman Scott Overland told Komando.com. “While we have no evidence that this information has been misused, we have notified the affected customers as a precaution.”
Pearson is in the process of transitioning its print textbooks to digital. One computer security expert said an unintentional effect of education companies shifting to digital products is data theft.
Related: Customers’ personal data stolen in breach of major wireless carrier
A week of data breaches
Pearson was just one of the data breaches announced this week. Earlier, Capital One revealed that 100 million of its U.S. customers were affected when its servers were hacked.
Hackers took information on credit scores, credit card limits, balances, credit history, home addresses, and most alarming, Social Security and bank account numbers. The number of customers whose Social Security and bank information was stolen stands at 220,000.
Capital One said it began working with law enforcement as soon as the breach was detected. The FBI has apprehended a person it believes is responsible for the hack, but the investigation is still ongoing.
Meanwhile, the online marketplace Poshmark was also hacked. Hackers stole data that includes full names, cities, email addresses, linked social media profiles and account passwords. The passwords were encrypted.
The seller of used clothing said no financial data was taken. The company did not reveal how many customers were pinched in the hack, but it is advising all of its website’s users to change their Poshmark passwords.