A Cyberattack Illuminates the Shaky State of Student Privacy

NYTimes: Why would a company receive an equivalent of the Oscars in their industry while going through a major security breach? This is happening to Illuminate Education, a leading provider of student-tracking software. It was discovered that over 3 million current and former students were victims across six states, including Los Angeles and New York city. Extremely sensitive student information was stolen and can have long-term consequences for these students. Experts say that this cyberattack is a strong warning for industry and government regulators. The attacker, who was a former employee of Amazon Web Services (not employed by AWS at the time), built a tool that allowed her to scan the AWS platform for misconfigured accounts. She used anonymizing services such as the Tor Network and IPredator VPN to hide her IP address. 

More: Yahoo News | Illuminate Education

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

Dark Reading: Capital One was fined $80 million by the federal government and settled customer lawsuits for $190 million. A Seattle tech worker, Paige Thompson carried out this cyberattack and hacked personal information of 106 million Capitol One customers in March 2019. It was undiscovered for 4 months and this case highlights just how vulnerable cloud systems are to entitlements and misconfigurations.

More: Justice Department | CNET | WSJ

A little humor from Cybercrime Magazine to end the week: