mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#edusec

1 post1 participant0 posts today
Doug Levin<p>US Department of Education Grant Management Site Mimicked in Phishing Scheme <a href="https://www.darkreading.com/threat-intelligence/department-of-education-site-phishing-scheme" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/threat-intelli</span><span class="invisible">gence/department-of-education-site-phishing-scheme</span></a> <a href="https://infosec.exchange/tags/edtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edtech</span></a> <a href="https://infosec.exchange/tags/edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edusec</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@PogoWasRight" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PogoWasRight</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> </p><p>So they wouldn't have committed without that "engagement?" </p><p><a href="https://infosec.exchange/tags/PowerSchool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerSchool</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> </p><p>"We take your privacy and security very seriously... when we have to," admitted no entity, ever.</p>
Doug Levin<p>PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada <a href="https://www.priv.gc.ca/en/opc-news/news-and-announcements/2025/nr-c-20250722/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">priv.gc.ca/en/opc-news/news-an</span><span class="invisible">d-announcements/2025/nr-c-20250722/</span></a> <a href="https://infosec.exchange/tags/edtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edtech</span></a> <a href="https://infosec.exchange/tags/edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edusec</span></a> <a href="https://infosec.exchange/tags/powerschool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>powerschool</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@PogoWasRight" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PogoWasRight</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Doug Levin<p>Lexington-Richland School District Five provides update on June security breach <a href="https://www.wistv.com/2025/07/22/lexington-richland-school-district-five-provides-update-june-security-breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wistv.com/2025/07/22/lexington</span><span class="invisible">-richland-school-district-five-provides-update-june-security-breach/</span></a> <a href="https://infosec.exchange/tags/edtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edtech</span></a> <a href="https://infosec.exchange/tags/edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edusec</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@PogoWasRight" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PogoWasRight</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Dissent Doe :cupofcoffee:<p>The St. Lawrence Lewis Board of Cooperative Educational Services ("BOCES") in New York has reported a breach that impacted 10,993 people. The types of information involved included: SSN, name, address, DOB, tax identification number, medical information, and financial account information.</p><p>The "cybersecurity incident" was discovered on August 12, 2024 and just reported this week to the Maine Attorney General's Office, although letters were sent out to those affected in June. </p><p><a href="https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/64a4742c-859e-400b-8098-589299a4052c.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">maine.gov/agviewer/content/ag/</span><span class="invisible">985235c7-cb95-4be2-8792-a1252b4f8318/64a4742c-859e-400b-8098-589299a4052c.html</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Dissent Doe :cupofcoffee:<p>The Clearbrook-Gonvick School District in Minnesota has disclosed a breach that occurred in October 2024. The types of information involved included names, Social Security numbers, driver's license or state ID numbers, individual taxpayer identification numbers, financial account information, and student identification numbers.</p><p><a href="https://markets.financialcontent.com/stocks/article/accwirecq-2025-7-21-notice-of-data-privacy-incident" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">markets.financialcontent.com/s</span><span class="invisible">tocks/article/accwirecq-2025-7-21-notice-of-data-privacy-incident</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/Edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Edusec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Doug Levin<p>$1.8 million stolen from Broken Bow Public Schools in phishing scam <a href="https://ruralradio.com/kuvr/news/1-8-million-stolen-from-broken-bow-public-schools-in-phishing-scam/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ruralradio.com/kuvr/news/1-8-m</span><span class="invisible">illion-stolen-from-broken-bow-public-schools-in-phishing-scam/</span></a> <a href="https://infosec.exchange/tags/edtech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edtech</span></a> <a href="https://infosec.exchange/tags/bec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bec</span></a> <a href="https://infosec.exchange/tags/edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>edusec</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@PogoWasRight" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PogoWasRight</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brett</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Dissent Doe :cupofcoffee:<p>Breaches have consequences (sometimes):</p><p>"On Monday, the North Carolina State Board of Education approved a six-month, roughly $270,000 contract with PowerSchool for professional evaluations and onboarding services. The contract, NCDPI noted, isn’t related to the student information system, which was hacked in December. That system’s contract will expire at the end of June and won’t be renewed."</p><p><a href="https://www.wect.com/2025/06/25/ncdpi-renews-contract-with-powerschool-after-massive-data-breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wect.com/2025/06/25/ncdpi-rene</span><span class="invisible">ws-contract-with-powerschool-after-massive-data-breach/</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/PowerSchool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerSchool</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> <span class="h-card" translate="no"><a href="https://journa.host/@mkeierleber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mkeierleber</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brett</span></a></span></p>
Dissent Doe :cupofcoffee:<p>You may know this already, but in case you didn't: Threat actors have leaked some data from 2 more K-12 public school districts this week:</p><p>Some personal info on students at Coweta County School System was leaked by Nitrogen as proof of claims. I googled the parent information and found an exact match for name, address, and phone number. </p><p>Data from Kalamazoo Public School District was leaked by InterLock. InterLock claimed to have acquired 1,420 GB of data consisting of 724,477 Files and 82,820 Folders. It looks like they leaked it all but I didn't attempt to validate any data. </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p><p><a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@FritzAdalis" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>FritzAdalis</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@scottwilson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>scottwilson</span></a></span> </p><p>That's not accurate. The Information's wording and organization may have confused people. </p><p>Para 5 in the Information is about Employee 1, a contractor who worked for PowerSchool. The Information does not say Employee 1 was a telco (Victim 1) employee or that their PS credentials were acquired as part of the telco breach. Para 5 is unrelated to Para 4. </p><p>The Employee 1 creds used to access PowerSchool were acquired at a separate time and unrelated to the telco breach. I confirmed that with a source with knowledge of the incident. </p><p>The Information: <a href="https://www.justice.gov/usao-ma/media/1400921/dl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">justice.gov/usao-ma/media/1400</span><span class="invisible">921/dl</span></a></p><p>Also of note: the Information makes no mention of the second round of extortion attempts, which may mean that DOJ had no evidence connecting Lane to the second set of extortion demands. The second round of extortion demands purported to be from "ShinyHunters," but whether they really were or not has yet to be publicly confirmed or refuted by law enforcement. </p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/PowerSchool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerSchool</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> <span class="h-card" translate="no"><a href="https://journa.host/@mkeierleber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mkeierleber</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>campuscodi</span></a></span></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@scottwilson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>scottwilson</span></a></span> I had the same reaction. I even emailed the Media contact for the Massachusetts USAO to ask why the information included <em>enhanced</em> sentences for use of "special skills" and use of "sophisticated means" under USSG § 3Bl.3 and USSG § 2B 1.1(b )(1 0)(C)), respectively.</p><p>What "special skills?"</p><p>What "sophisticated means?"</p><p>I suspect they won't really answer me, but... I had to ask. </p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/PowerSchool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerSchool</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p><p>UPDATING: The USAMA responded:</p><p>"The only information we can provide is that publicly available in the court filings - which are linked in the press release. Apart from that we have no comment. Thank you.&nbsp;"</p><p>Someone find me a good "shocked look" emoji, please.</p>
Dissent Doe :cupofcoffee:<p>Massachusetts hacker to plead guilty to PowerSchool data breach:</p><p><a href="https://www.investing.com/news/stock-market-news/massachusetts-hacker-to-plead-guilty-to-powerschool-data-breach-4055643" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">investing.com/news/stock-marke</span><span class="invisible">t-news/massachusetts-hacker-to-plead-guilty-to-powerschool-data-breach-4055643</span></a></p><p>Related: </p><p>DOJ Press release: <a href="https://www.justice.gov/usao-ma/pr/worcester-college-student-plead-guilty-cyber-extortions" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">justice.gov/usao-ma/pr/worcest</span><span class="invisible">er-college-student-plead-guilty-cyber-extortions</span></a></p><p>USA v. Matthew D. Lane - Information: <a href="https://www.justice.gov/usao-ma/media/1400921/dl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">justice.gov/usao-ma/media/1400</span><span class="invisible">921/dl</span></a></p><p>USA v. Matthew D. Lane - Plea Agreement: <br><a href="https://www.justice.gov/usao-ma/media/1400926/dl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">justice.gov/usao-ma/media/1400</span><span class="invisible">926/dl</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/PowerSchool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerSchool</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brett</span></a></span> <span class="h-card" translate="no"><a href="https://journa.host/@mkeierleber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mkeierleber</span></a></span></p>
Dissent Doe :cupofcoffee:<p>Don't procrastinate if you were affected:</p><p>Citizens whose SSN was compromised in the MOVEit breach at the National Student Clearinghouse (NSC) have until May 26, 2025, to file a claim to be part of the $9.95 million class action settlement. </p><p>Eligible individuals are those whose Social Security number was included in the files affected by the MOVEit security incident between May 28 and May 31, 2023. See more details and access the claim form at the official settlement website: <a href="https://nscsettlement.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nscsettlement.com/</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MOVEit</span></a> <a href="https://infosec.exchange/tags/Clop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clop</span></a></p>
Dissent Doe :cupofcoffee:<p>Today's reminder why NOT to pay criminals' extortion demands to delete data:</p><p>PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway</p><p><a href="https://databreaches.net/2025/05/07/powerschool-paid-a-hackers-extortion-demand-but-now-school-district-clients-are-being-extorted-anyway/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/05/07/po</span><span class="invisible">werschool-paid-a-hackers-extortion-demand-but-now-school-district-clients-are-being-extorted-anyway/</span></a></p><p>NOTE: I subsequently edited my post to clarify that the ransom demand to the state (North Carolina) claimed to be from ShinyHunters. I haven't yet seen any ransom notes to individual districts and I do not know how those were signed or claimed. Stay tuned, I guess....</p><p><a href="https://infosec.exchange/tags/PowerSchool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerSchool</span></a> <a href="https://infosec.exchange/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/EdTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EdTech</span></a> <a href="https://infosec.exchange/tags/extortion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>extortion</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> <span class="h-card" translate="no"><a href="https://journa.host/@mkeierleber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mkeierleber</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brett</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@euroinfosec" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>euroinfosec</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@jgreig" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jgreig</span></a></span></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://mastodon.cloud/@lavxnews" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lavxnews</span></a></span> It's time people stopped claiming that breaches that have occurred over and over again for years are a "wake up call" for anything. Every sector has had "wake up calls" galore, including the education sector. Nobody woke up. Nobody is still waking up. Instead of a headline calling a breach a "wake up call," maybe the headline should be "Yet another avoidable breach will lead to a major lawsuit." </p><p><a href="https://infosec.exchange/tags/Edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Edusec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/SlowLearningCurve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SlowLearningCurve</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> <span class="h-card" translate="no"><a href="https://journa.host/@mkeierleber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mkeierleber</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brett</span></a></span></p>
Dissent Doe :cupofcoffee:<p>Rainbow District School Board still doesn't provide answers to reasonable questions about its cyberattack, claiming exemptions under relevant Ontatio municipal freedom of information law:</p><p><a href="https://www.sudbury.com/local-news/foi-reveals-ransom-demand-was-made-in-rainbow-board-cyber-incident-10547713" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sudbury.com/local-news/foi-rev</span><span class="invisible">eals-ransom-demand-was-made-in-rainbow-board-cyber-incident-10547713</span></a></p><p><a href="https://infosec.exchange/tags/Edusec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Edusec</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/transparency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>transparency</span></a> <a href="https://infosec.exchange/tags/FOI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOI</span></a></p>
Dissent Doe :cupofcoffee:<p>Smiley calls for data sharing once Providence gets its schools back from state: </p><p><a href="https://www.newsbreak.com/rhode-island-current-1641157/3961849375333-smiley-calls-for-data-sharing-once-providence-gets-its-schools-back-from-state" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">newsbreak.com/rhode-island-cur</span><span class="invisible">rent-1641157/3961849375333-smiley-calls-for-data-sharing-once-providence-gets-its-schools-back-from-state</span></a></p><p>Direct link to Providence's plan: <a href="https://www.providenceri.gov/wp-content/uploads/2025/04/Providence-PPSD-Transition-Plan.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">providenceri.gov/wp-content/up</span><span class="invisible">loads/2025/04/Providence-PPSD-Transition-Plan.pdf</span></a> Pages 51-56 seem to be about data management. </p><p><a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://infosec.exchange/tags/DataSharing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataSharing</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> <span class="h-card" translate="no"><a href="https://journa.host/@mkeierleber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mkeierleber</span></a></span></p>
Dissent Doe :cupofcoffee:<p>Fall River schools chief: No insurance for cyberattack; says computer system remains down:</p><p><a href="https://www.heraldnews.com/story/news/2025/04/08/fall-river-schools-cyberattacked-chief-says-no-insurance/83000021007/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heraldnews.com/story/news/2025</span><span class="invisible">/04/08/fall-river-schools-cyberattacked-chief-says-no-insurance/83000021007/</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> </p><p><a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/insurance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>insurance</span></a></p>
Dissent Doe :cupofcoffee:<p>Takeaways from our investigation on AI-powered school surveillance. The AP and Seattle Times teamed up on this investigation. </p><p>From their overview: "But these tools raise serious questions about privacy and security. In fact, when The Seattle Times and The Associated Press partnered to investigate school surveillance, reporters inadvertently received access to almost 3,500 sensitive, unredacted student documents through a records request. The documents were stored without a password or firewall, and anyone with the link could read them."</p><p>Read more at <a href="https://apnews.com/article/ai-school-chromebook-surveillance-gaggle-investigation-takeaways-381fa82978f27eb85f20d03236820711" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apnews.com/article/ai-school-c</span><span class="invisible">hromebook-surveillance-gaggle-investigation-takeaways-381fa82978f27eb85f20d03236820711</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecurity</span></a> <a href="https://infosec.exchange/tags/surveillanvce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>surveillanvce</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>douglevin</span></a></span> <span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span> </p><p>What do you think about this report out of Umatilla? Is this PowerSchool or something unrelated? If they just discovered a breach this week?</p><p><a href="https://www.vpnranks.com/news/umatilla-schools-data-breach-exposes-student-records/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">vpnranks.com/news/umatilla-sch</span><span class="invisible">ools-data-breach-exposes-student-records/</span></a></p><p><a href="https://infosec.exchange/tags/EduSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EduSec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a></p>