Following a major data security incident involving sensitive student and parent information, Global Schools Group sought court injunctions prohibiting the publication of data acquired by FulcrumSec. They obtained the injunctions, but once again, injunctions do not affect threat actors — or at least, not in the way the plaintiffs hoped.  Yesterday, DataBreaches reported that Global...

Source

In Part 1,  DataBreaches published some totals and aggregate data from the recent Global Schools Group data breach. All analyses and statistics were provided to this site by FulcrumSec, who had attacked Global Schools Group (GSG) and exfiltrated the data. Data from three of GSG’s school brands were included in Part 1. Data for the...

Source

This is the first part of a two-part report of findings from the Global Schools Group data breach. All statistical analyses and findings were provided to DataBreaches by FulcrumSec, and are presented to assist those investigating the breach as well as parents and employees who might be concerned as to what types of data were...

Source

Resecurity writes: The education technology (EdTech) sector has become a prime target for cybercriminals as attacks against educational institutions and related platforms continue to escalate. With sensitive data, including student records, employee information, and payment data, stored on EdTech systems, the sector has become an appealing target for cybercriminals seeking financial gain, data exploitation, and...

Source

From Mandiant and Google Threat Intelligence Group, an advisory: Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 2026, and June 9, 2026 and is consistent with the exploitation of CVE-2026-35273, a critical remote...

Source

Today’s reminder of the insider threat is brought to us by DysruptionHub: A former Saydel Community School District information technology worker in Iowa was sentenced June 11 after prosecutors said he disrupted school technology systems used by students and staff. The disruptions affected classroom technology, staff accounts and district-managed devices after Ezekiel Dean Potter left...

Source

Shane Fraser reports: A Saskatoon man who allegedly conspired to install malware, steal login credentials, and mine cryptocurrency from American educational institutions is facing extradition to the United States. The cyberattack accusations were levelled against Ryan James Roach in Saskatoon Court of King’s Bench, where he was ordered to be taken into custody to await extradition following...

Source

From an FTC press release of June 5: Following a public comment period, the Federal Trade Commission finalized a modified order requiring Illuminate Education Inc. to implement a data security program, limit collection and retention of consumer data, and delete unnecessary data to settle charges that the company’s data security failures led to a major...

Source

Alice Cooper’s “School’s Out” became the traditional end-of-year song for millions of students since it was first recorded in 1972. But it really is out for summer for Evanston Township High School — at least so far —  because of a ransomware attack. ABC News reports that summer school, sports camps, and on-campus activities are...

Source

If you ask most people what breach PowerSchool experienced, their first response might be the 2024 hacking incident that affected tens of millions of students. But even before that breach, there was another significant breach involving PowerSchool that began in 2021. Colin Lee and Koji Edmunds report: In early April, many students across the world...

Source

U.S. Senators Bill Cassidy, M.D. (R-LA), Chairman of the U.S. Senate Health, Education, Labor, and Pensions (HELP) Committee, and Tommy Tuberville (R-AL) raised concerns about the recent cybersecurity incident on Instructure, threatening the data of 275 million students, families, and teachers worldwide. The incident shut down Instructure’s learning management system, Canvas, the most popular system...

Source

Media outlets have been understandably eager to learn whether Instructure paid ShinyHunters after the latter attacked them for a second time on May 7. Considering that they pledged to be more transparent, DataBreaches doesn’t fully understand why Instructure wasn’t more forthright about the payment issue in its update, unless they were trying to avoid encouraging...

Source

The Supreme Court of California has ruled in J.M. v. Illuminate Education, Inc., a case closely watched by those concerned about holding edtech vendors liable in the event of a data breach. As background on the case: In December 2021, Illuminate suffered a data breach that affected 1.7 million students in New York, 434,000 students...

Source

Breaches involving school-related vendors such as PowerSchool and Instructure are causing major headaches for schools, students, and parents. They are also getting more attention from Congress. While some breaches have not exposed core data or personal information of students or personnel, other breaches, such as those involving PowerSchool and Navigate360’s  P3 Campus, have involved sensitive...

Source

DataBreaches posted the following opinion piece on LinkedIn this morning in my Dissent Doe, PhD account: Last night, Canvas was restored, and the Instructure leak site listing was removed from the threat actors’ leak site. The listing is still not on the leak site as of this morning. Given ShinyHunters’ practices, this usually indicates that...

Source

When Instructure did not contact ShinyHunters to negotiate any payment after ShinyHunters attacked them for a second time in April,  the threat actors threatened to leak every school’s data, and posted a notice telling schools how to contact them directly to avoid having their data leaked. When Instructure still didn’t contact them after that escalation, ...

Source

Audit conducted by NYS Comptroller’s Office between 2020-2025 found multiple concerns leaving students and employees at risk of privacy and data security breaches. The auditor also criticized the city for failing to cooperate in a timely manner with the auditor’s requests for information.  In June 2014, a decade after the NYC Education Department had been...

Source

Instructure defines itself as the “O.G. champions of open edtech. The makers of Canvas, Mastery, and Parchment (solutions for learning, assessment, and credentialing). Host of the world’s largest online community of educators. (And yes—we’re ‘the panda people.’). We build industry-leading edtech, empowering both teachers and learners at every step of their journey.” Sadly, they were...

Source

Tyler Bridegan, Scott Hyman, Patrick Strubbe, and Sarah Wilk of Womble Bond Dickinson write: In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its subsidiary, PowerSchool. Notably, many of the claims are based on conduct that occurred before Bain’s acquisition of PowerSchool. Although...

Source

DysruptionHub reports: Kentwood Public Schools said districtwide Wi-Fi was disrupted after a student used malicious software designed to interfere with the school system’s network. The district said outside experts helped isolate the issue, which affected Wi-Fi connectivity across its schools, and that the problems “appear” to have been resolved. Kentwood Public Schools serves students in...

Source