Sep 29, 2020 17:00:00

What is the reason why the school where the personal information of 320,000 people was leaked was said to be 'no problem with the leaked contents'?

A hacker has caused an incident in which personal information such as the names and addresses of about 320,000 students attending a large school district was disclosed online. There is also the problem that schools have allowed hackers to invade, but one law states that there is 'no major problem' with respect to the content of data illegally disclosed by hackers.

Ransomware Threat Actors Dump Data on Clark County School District Employees and Students

https://www.databreaches.net/ransomware-threat-actors-dump-data-on-clark-county-school-district-employees-and-students/

Hacker Releases Information on Las Vegas-Area Students After Officials Don't Pay Ransom --WSJ
https://www.wsj.com/articles/hacker-releases-information-on-las-vegas-area-students-after-officials-dont-pay-ransom-11601297930

The victims were about 320,000 students attending the Clark County School District (CCSD) , a school district in Las Vegas. Hackers fraudulently lock and unlock school servers and demand money from the school in return. The school refused to do so, and hackers released personal information online, including students' names, grades, dates of birth, addresses, and the names of the schools they attended.

The Wall Street Journal (WSJ) said the Wall Street Journal (WSJ) said that the coronavirus pandemic has escalated the tactics of hackers targeting schools that are heavily dependent on online learning. It shows that. '

However, CCSD allows schools to disclose some of their student information to the public as 'Roster Information' under the

Family Educational Rights and Privacy Act (FERPA) . The school can decide what kind of data will be released to the public as list information, and in CCSD, the student's name, address, grade, date of birth, place of birth, years of attendance, degree, award history, school attended, affiliation If you belong to a club activity or sports team, you are allowed to disclose your weight and height.

Given FERPA, data exposed by hackers may not be considered sensitive. Dissent Doe, who runs the security news site DataBreaches.net, actually checked the data content released by hackers and said, 'So far, medical records, disciplinary records, social activities and psychological records of students, etc. No really sensitive information has been identified. '

However, Dissent Doe points out that even though the data was released to hackers with low confidentiality, it should not be optimistic. 'What the hackers did was hampering the functioning of the school district and took up the resources of faculty and staff who could have been devoted to other tasks. Each hacker's attacks are different, so they attack different attacks. You need to have countermeasures and recovery methods in place, but it's very dangerous to assume that hackers are always getting only sensitive data, 'said Dissent Doe.