Around 1.3 Million Student’s Data Exposed in Breach

Media Division | April 21, 2017

Data breaches can often be caused by malicious hackers looking to purloin and sell sensitive information on the black market, but this is not the only way that data breaches happen.  In fact, a largely common way that data breaches come about is from organizations themselves.  There have been cases where an employee in charge of valued information accidently sends it to the wrong place or person.  Another way that many data breaches come about is through improper application of security upon databases.  There are various databases containing privileged information all around the web, and these must be correctly secured to protect that information from cyber criminals.  Unfortunately, there are many organizations that forget to do so or leave a necessary security component out. A recent breach of Schoolzilla, a platform which warehouses student data, resulted in the exposure of around 1.3 million student’s data.

The breach had been discovered by Chris Vickery of MacKeeper earlier this month.  He had found that Schoolzilla had mistakenly had their database configured for public access, and this allowed him to download the information.  The records included personal data of students such as names, addresses, and even the Social Security numbers of some.  There are currently no reports as to whether any malicious actors had accessed the database.

How Schoolzilla Handled the Breach

Fortunately, Schoolzilla was quick to react to the breach after Vickery had alerted them of it.  They rapidly addressed the issue and secured the database.  They also got in touch with Vickery to discover the extent of the breach.  Within a few days of being alerted of the breach, Schoolzilla had already called each person affected to let them know of the incident.  This was the first security incident that they had suffered, and they handled it correctly and professionally.  Taking responsibility and rapidly addressing a breach is what allows organizations to come back from it.  A breach can realistically destroy an organization if not properly mitigated and remediated.

There have already been several other instances of this type of data breach this year, including CloudPets toys and Scottrade Bank.  Unsecured databases like this can allow a wide range of public to access them.  They could be accessed by white hats like Chris Vickery, but it also opens them up for cyber criminals to purloin the data.  Data like the above can be used for a wide variety of malicious purposes, especially being that it contained social security numbers, including those of minors.

Protecting Networks and Systems with Cyber Security Monitoring

It is critical that an organization have the ability to maintain a watchful eye over their various networks, systems, and databases.  All of these implements have patterns of regular operation, and an organization needs to be aware of any change in that operation.  Cyber security monitoring is what allows an organization to have this awareness.  It provides the ability for IT staff or an analyst to constantly see the operational status of their networks and systems, as well as be alerted to any anomalies.  They can then investigate and handle these incidents if necessary.  Even though cyber attackers have become quite adept at bypassing many security methods, there is still typically some sort of indicator of their presence, and cyber security monitoring can allow an organization to detect these indicators of compromise.  Cyber security monitoring from Massive Alliance can help an organization to stop cyber attackers in their tracks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.