An Arizona tech school has informed Maine's attorney general in a recently filed report that nearly 209,000 individuals' data was potentially compromised in a hacking incident earlier in the year.
The tech school is East Valley Institute of Technology (EVIT), and according to the filing, the data of the 209,000 individuals is of current and former students, parents, guardians, and faculty. As for what data was leaked, reports indicate the compromised data included personal, health, and financial information.
The Register reports that nearly 50 types of personal information were stolen, such as student ID numbers, date of birth, race/ethnicity, grades, home phone numbers, email addresses, driver's license, health insurance information, medical information, allergy information, medical record number, passport numbers, prescription information and more.
At the moment it hasn't been revealed what type of attack caused the data to be compromised, but what is known is the ransomware group named LockBit claimed responsibility for the attack. The hacking group also threatened, "Files will be published!"
Luckily, it appears the files haven't been published online, with EVIT stating it "has not discovered any publication of EVIT data that contained sensitive information."
I contacted Prof. Ahmed Banafa, a Tech Expert and Engineering professor at San Jose State University, who specializes in IoT, blockchain, cybersecurity, and artificial intelligence. Here is what he had to say about the situation.
"As an academic advisor, in addition to teaching, I am required to take FERPA training to understand the rights of parents and students. Based on the information presented in the article, in my opinion the system in place may be insecure or outdated. Many universities and colleges conduct penetration tests to evaluate their resilience against potential hacks and identify any vulnerabilities. This significant security failure on the part of the school could lead to government investigations and lawsuits from parents and students."