Life never stops teaching: e-learning platform hacks on the rise
The global pandemic led to an unprecedented increase in the number of people learning online. According to Verizon’s 2019 Data Breach Investigation Report, in the education industry, human errors resulted in 35% of all cyber breaches. With so many academic institutions introducing remote communication practices for the first time, and new inexperienced users, this number is expected to go up.
Educational organizations gather lots of personal data, including financial, medical, employment, research and other sensitive information. At the same time, people usually have a high level of trust in the requests and facts coming from such organizations. All this makes this sector particularly vulnerable to social engineering schemes.
Some organizations introduce the role of the Chief Information Security Officer and implement a number of cyber insurance policies. Insurance sometimes covers such risks as releasing systems from lockdown as a result of a malicious attack. But the chronic cyber vulnerability of the education sector is still a challenge. In the US, for instance, there were more than 49 attacks in 2017-2018, resulting in the leak of more than 48 million records, according to the Privacy Rights Clearinghouse Chronology of Data Breaches. The spread of COVID-19 is aggravating the situation. Here are some of the breaches reported in April 2020:
Online learning platform My Cambridge Australia: 879,856 user accounts including email addresses and passwords.
English learning platform English.best: 647,809 user accounts, exposed data include email addresses and plain text passwords.
Online coding school CodeCademy: 174,923 lines of data with first and last names, e-mails, phone numbers, addresses, birth dates, age, places of work, and job titles.
State organizations also show a lack of cybersecurity protection: for example, this month 50,117 user accounts of the Polish National School of Judiciary and Prosecutor's Office were exposed. The compromised data include names, user IDs, email addresses and passwords.
Previous notorious breaches include India’s biggest live tutoring platform Vedantu.com, a top French university AgroParisTech and online textbook rental and education community Chegg.com. The latter leak, in 2018, was huge, compromising 29,138,604 accounts containing names, physical and email addresses and passwords. This trend includes top scientific organizations as well. In February 2020, data gathered by the Vietnam Academy of Science and Technology Institute of Physics and Center of Training and Information surfaced on the web. 1,623 accounts containing usernames, email addresses, and passwords hashed with the MD5 algorithm were exposed.
See more breaches spotted by Breach Report in our catalogue here. You can choose a category, for example, ‘education’ to list the relevant incidents.
A number of serious breaches also occurred in 2019 when cybercriminals took advantage of a vulnerability in Slate, a system used by more than 800 higher education organizations worldwide to manage applicants’ data. The attack was possible due to the absence of multi-factor authentication, which allowed the attackers to gain access to the password-reset systems of the universities.
Data vulnerability can also result in the loss of assignments and papers of students and staff, and damage an institution's reputation to the point where prospective students choose another school.
When ensuring the safety of their data, educational organizations have to assess all the risks that their complex network architecture faces. Library systems, email servers and wireless networks can all be vulnerable to attack. It is also important to implement multi-factor authentication and limit access to networks and software for alumni and ex-staff members. Another vital step is to use highly protected vendor solutions.
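One way to check the two account controls named above (multi-factor authentication, and limited access for alumni and ex-staff) is to audit a directory export. The script below is an added example, not part of the original article: the CSV columns, the sample rows and the `ALLOWED_AFTER_DEPARTURE` policy are constructed assumptions, not the schema of any real product.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are assumptions for this example.
SAMPLE_EXPORT = """username,affiliation,status,mfa_enrolled,entitlements,left_on
asmith,student,active,yes,lms;library;wifi,
bjones,staff,active,no,lms;email;sis,
cwu,alumni,active,no,email;library;sis,2019-06-30
dlee,former_staff,active,yes,email;vpn,2020-01-15
egarcia,alumni,active,yes,email,2018-06-30
fkhan,former_staff,disabled,no,,2019-12-01
"""

# Assumed policy: entitlements a departed user may keep.
ALLOWED_AFTER_DEPARTURE = {"alumni": {"email"}, "former_staff": set()}


def audit(export_text, today):
    """Return (username, issue, detail) tuples for enabled accounts that
    lack MFA or that keep access beyond the departure policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"] != "active":
            continue  # disabled accounts cannot log in; nothing to flag
        user, affiliation = row["username"], row["affiliation"]
        entitlements = {e for e in row["entitlements"].split(";") if e}
        if row["mfa_enrolled"] != "yes":
            findings.append((user, "no_mfa", ""))
        if affiliation in ALLOWED_AFTER_DEPARTURE:
            excess = entitlements - ALLOWED_AFTER_DEPARTURE[affiliation]
            if excess:
                days = (today - date.fromisoformat(row["left_on"])).days
                detail = f"{','.join(sorted(excess))} ({days} days after leaving)"
                findings.append((user, "excess_access", detail))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, date(2020, 4, 30)):
        print(*finding, sep="\t")
```
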
So, as they say, ‘never stop learning, because life never stops teaching’, which is absolutely true for the educational sector, which now simultaneously faces the challenges of digital transformation and a growing user base of quarantined students.
If you would like to learn more about key protective tactics to consider during the COVID-19 pandemic, read this article. Also, don’t forget to check your email on our website to see if you were the victim of a data breach.