The Maryland General Assembly’s audit unit published a report indicating a number of storage issues that unencrypted information of 1.4 million students and 200,000 educators.
The education department confirmed the security deficiencies, saying that they are already taking control of the information systems network.
A routine audit discovered the unencrypted information. MSDE confirmed that the network systems don’t have ‘adequate safeguards’ for their database and applications. These databases and storage contain all sensitive and personal information of students and faculty members.
In addition to now having any security barrier, it is also said that the department of education was not able to employ mitigation controls. These are software used to prevent sensitive data and protect information from unauthorized movements like deletion and misuse.
In an article published by The Star Democrat, it is said that the sensitive data were stored in a clear text and not of an encrypted text. Hence, hacking the system network means being able to access student’s unique names, social security numbers, and other information.
Meanwhile, Chief Information Officer James Cornelius couldn’t confirm whether or not students and teachers were already affected by this incident. He also stated that no data breach happened and that the issue has been taken cared of.
Cornelius reiterated that the routine audit is simply doing its job to alert the education department of any potential security risks. In this way, MSDE can ‘confidently prevent any breaches of information.’
On the issue of preventing data breaches, the chief officer said that the department has taken action and implement methods that would improve storage systems. Cornelius said that this report doesn’t make MSDE vulnerable, rather, providing information to enhance the security.
Schools as Targets of Hackers
Since there’s still no affected student or teacher resurfacing after this incident, it’s a good thing that the situation is under control. However, the fact that hackers are getting smarter in acquiring sensitive information, education institutions are deemed ‘soft targets’.
Last year, a massive school district hacking in San Diego affected more than 500,000 students and staff as personal information was accessed. Through data breach, hackers were able to get attendance records, health information, discipline history and contact details of students, parents, and educators.
According to The New York Times, schools, just like hospitals and local governments have become vulnerable to data breach attacks. Due to a lack of resources to guard storage systems, hackers are able to make unauthorized activities.