• lmmarsano@group.lt · 70 upvotes · 21 hours ago

    The breach pierced the education technology company PowerSchool – used by 80% of school districts in North America – and “put at risk the security of 60 million children and 10 million teachers,” the Justice Department said.

    With threats to expose social security numbers, dates of birth, family information, grades, and even confidential medical information, the breach cornered PowerSchool into paying millions of dollars in ransom.

    I don’t know: their getting caught may indicate less skill & more ease to break in due to irresponsible information security practices. Maybe companies like PowerSchool are shit & ought to have no business carrying that sort of information for 80% of public school districts. Maybe government is irresponsible for entrusting that information to these businesses with lax standards. Seems like institutional irresponsibility all around.

    Organized criminals see easy exploits & easy useful idiots to assume the legal risk of their ventures.

    • retiredIdentity@lemmy.dbzer0.com · 7 upvotes · 11 hours ago

      The company I work for has to go through annual PCI compliance testing to make sure CC transactions are not leaking card information and storage is encrypted if we stored (we don’t) that information. Even our network is scrutinized closely. We are also required to have bi-annual tabletop exercises and they are talking about pentesting. What kind of compliance do any of these companies have?

      • IphtashuFitz@lemmy.world · 3 upvotes · 10 hours ago

        Same here. We also contract with HackerOne, a company of “white hat” hackers that actively attack our site and earn significant bounties if they can do something like remotely execute commands, exfiltrate data, etc. Only after they provide us with a repeatable set of steps and we close the hole do they get paid.

      • Taleya@aussie.zone · 1 upvote · (edited) · 8 hours ago

        They don’t. The only private companies who have to monkey dance like that are cinema content handlers who want TPN status

        Must protect the IP