The Daily Swig Web security digest

California gleaning: Student data compromised in separate attacks

James Walker | 10 October 2017 at 12:00

Hacks against two learning centers in California are thought to have compromised the personal data of thousands of students.

The need for public sector organizations to ramp up their data protection once again became apparent this week, as news emerged of hacks being committed against two educational institutions in the US.

On October 5, Palo Alto High School in the San Francisco Bay Area posted a notice on its website confirming that names, student numbers, and GPA values have been exposed for current students in grades 10, 11, and 12.

“Staff immediately invoked the data breach response protocol and began investigating the report,” the school stated. “After validating the information, staff worked to determine the scope and composition of the breach, and is in the process of taking steps to ensure any potential attack vectors have been addressed.

It added: “Staff has worked with the web hosting provider to take the offending website offline, campus access logs are being reviewed for suspicious activity, and all data integrations with third party systems have been temporarily disabled.”

Local law enforcement has been contacted, and the incident is still under investigation, the school said.

Elsewhere, Cabrillo Community College, near Santa Cruz announced on October 6 that a hack into its servers may have exposed the personal information of 40,000 students.

In an interview with the Santa Cruz Sentinel, Cabrillo spokeswoman Kristin Fabos said the social security numbers of 12,000 students were potentially compromised in the breach, as well as passwords, names, dates of birth, addresses, emails of 28,000 additional students.