Recently, Chegg - the American education technology company - disclosed a data breach incident, that underscores the threats of cyber incidents on the organizations in the Education industry.
Cyber incidents with Chegg:
Chegg, the California-based Edu-tech company, is a provider of digital and physical textbook rentals, online tutoring, and other student services.
- In Apr 2020, unknown hackers managed to steal 700 records (including names and SSNs) associated with current and former Chegg employees. This was the third cyber incident with Chegg in the past three years.
- In Sept 2019, Thinkful, the online education site recently acquired by Chegg, confirmed a data breach, as an unauthorized party gained access to company credentials.
- In Sept 2018, Chegg disclosed that in April 2018, some intruders had gained access to the company’s internal database, impacting the users of the company’s own website, as well as users of other services (like EasyBib) owned by Chegg.
The overall education sector feels the heat:
Chegg is not the only educational institution impacted due to the cyber threats.
- In Apr 2020, several students and faculties at various colleges and universities were being targeted via phishing email attacks with Hupigon RAT, known to be used by Chinese APTs such as APT3.
- In Apr 2020, Warwick University also revealed that it had suffered multiple data breach incidents in 2019, due to which hackers had gaining access to the university's admin network.
- In Mar 2020, hackers had targeted the online coronavirus tracking dashboard developed by Johns Hopkins University. The genuine version of this dashboard was available for sale on Dark Web, being used in malicious websites as well as for sending spam emails.
- Besides, several other educational institutions including College Of DuPage, Wichita State University, Jay Public School District, Melbourne Polytechnic, Kentucky University, Hutt Valley High School, Coastal Bend College, Spartanburg School District 1, and Jefferson County School District, all have witnessed cyber incidents within the month of March 2020.
Educational organizations must keep all its systems and applications updated with the latest patches, and train their employees to follow necessary security measures (like using strong passwords and two-factor authentication) as well as keep awareness regarding spam emails and social engineering scams used by the cybercriminals.