ProctorU is software that monitors students online exams through [m]ultiple face recognition, eye movement tracking, [and] auditory analysis, the case explains. Your proctor would have filed a report regarding this and your score would have been cancelled. A data security breach involving an online examination tool used by Australian universities is under investigation. This harms their corporate brand and erodes their customers' trust in their . Protect your sensitive data from breaches. The irony in this data breach is that ProctorU specializes in monitoring (the testing process), but they overlooked the risks to their own data environment. A spokesman for Proctorio, which has contracts with roughly 2,400 American colleges, said the company had promptly fixed the vulnerability, within a week of notification, and had found no indication that anyone other than Computest had discovered or exploited it. September 14, 2021 . The case adds that some of the records involved in the breach date back to 2012, further evidencing that ProctorU has, according to the complaint, no time limit on how long it retains biometric information. This is, to put it mildly. On July 27, a hacker shared data files from . Microsoft Security Intelligence data show that Education is the industry most threatened by malware right now, making up 82.3 percent of reported cases in the last 30 days, as of Thursday. There were also email addresses associated with the U.S. military. Its well past time for online proctoring companies to be honest with their users. In late July, all the databases were offered for free in online hacker forums. report. or subscribe. This . News. As more online learning is happening thanks to virtual classrooms, the potential for data breaches and malware spread increases. the senators concerns, in some cases stretching the truth about how the proctoring apps work, and in other cases downplaying the damage this software inflicts on vulnerable students. All ProctorU employees undergo extensive security training and data privacy protocols at time of hire and before they proctor exams or conduct business functions. The problem was in the software itself, so everyone who had this software installed was at risk, Keuper confirmed in an email. The company failed to mention this breach in its response, and while it claims its video files are only kept for up to two years, the lawsuit contends that biometric data from the breach dated back to 2012. At the time, BleepingComputer had contacted ProctorU, but after initial emails, wenever received a reply to our queries about whether the data leak was legitimate. Why, if ExamSofts human reviewers carefully examined each potential flag, do the results in this case indicate that nearly all of their flags were still false? The hackers from the Shiny Hunters group has published the database online, exposing . The . Figure 2 shows the range of security checks adopted throughout the whole In 2019, Australia was downgraded by global research organisation CIVICUS Monitor from an "open" to a "narrow" democracy, in part due to severe limits on press freedom and . 02:02 PM. Identity Authentication. This is a preliminary report on ProctorU's security posture. Proctorios most popular product offering, Automated Proctoringrecords raw evidence of potentially-suspicious activity that may indicate breaches in exam integrity. But dont worry: exam administrators have the ability and obligation to independently analyze the data and determine whether an exam integrity violation has occurred and whether or how to respond to it. Discover how businesses like yours use UpGuard to help improve their security posture. Explore cyber risks, data breaches, and cybersecurity incidents involving MeazureLearning. This thread is archived. To define data breach: a data breach exposes confidential, sensitive, or protected information to an unauthorized person. We have begun notifying affected universities and organizations and will continue to do so.. for violating the Illinois Biometric Information Privacy Act (BIPA), after a data breach affected nearly 500,000 users. The trend of schools engaging in student surveillance did not let up in 2022. Such approaches may better reflect the skills needed in the postgraduate work force, Gilliard said. The Security Breach That Started It All. You need to follow up the same case report with ETS (contact info available on their website) to resolve the matter. This has never been more troubling than during the pandemic, with schools adopting remote proctoring and surveillance tools at alarming rates and entering students homes via school-issued and personal devices. Weve also yet to see how ProctorU will limit the other harms that the tools cause, from facial recognition bias to data privacy leaks. hide. In addition, ProctorU has implemented additional security measures to prevent any recurrence." Per the case, the Illinois legislature enacted the BIPA in 2008 in recognition of the fact that the use of biometric identifiers, such as face geometry and fingerprints, exposes consumers to serious and irreversible privacy risks given the information cannot be changed or replaced if compromised. Best VPN: add an extra layer of security with a virtual private network; If you hadn't heard, 444,000 ProctorU users had their data leaked to the public! 4. . The University of Queensland's student union have called on their university to abandon plans to use ProctorU. Students unable to sit their exams for up to 8 hours If you do not see your exam listed, contact your course instructor. Posted by. Online test-taking service ProctorU disclosed a data breach affecting more than 440,000 students and instructors. In one instance, though, these criticisms seem to have been effective: ProctorU, will no longer sell fully-automated proctoring services, . reports Info Security. The incident occurred when an individual who claimed to be a client requested services that prompted the data's release. Faculty and admin listen, especially when we all speak up. alum [Graduated bb!] a major data breach of ProctorU in which 444,000 users' personally identifying information was leaked online and a security vulnerability within Proctorio that allowed hackers to Online exam proctoring solution ProctorU has confirmed a data breach after a threat actor released a stolen database of user records on a hacker forum. From the user who brought you the series of dhar/admin procU fiasco posts, this is a call to email your shitty professor (read: prof that used procU claiming it was secure and didnt collect our data) or any admin member about the ProctorU data breach. The lawsuit claims ProctorU has committed violations of the BIPA since at least June 2019 through the present. This aggregate data would be a first step to understanding the impact of these tools. Schroeder hopes news of the Proctorio vulnerability will spur colleges to move away from online proctoring. Oops! New York, Per the lawsuit, ProctorU was subject to a data breach in July 2020 that exposed the records of nearly 500,000 students. Thanks, you're awesome! As schools move online because of the coronavirus pandemic, students are being asked to install exam proctoring software that some say is privacy invasive spyware. Learn about the latest issues in cyber security and how they affect you. The committee later recommended strongly that the university not use the software. IMS Global is the world-leading non-profit collaborative advancing edtech interoperability, innovation, and learning impact. 23. ProctorU, a proctoring platform for online exams, has disclosed that it was the victim of a major data breach. Investigating 'deeply concerning' hack of controversial exam software - Personal records of 444,000 ProctorU users have reportedly been obtained in a hack and leaked online in hacker forums; . Has anyone hacked into such software, asked Maritez Apigo, an English professor at Contra Costa College, and it just never hit the news?. Oops something is broken right now, please try again later. Articles, news, and research on cybersecurity. : in a telling statistic released by ProctorU in its announcement of the end of its AI-only service, research by the company has found that only about 10 percent of faculty members review the video for students who are flagged by the automated tools. Use actionable insights to remediate your vendor risks. These records were from 2014, and did not contain any financial information. Because the privacy of our students, faculty, staff and alumni is very important to us, we felt it necessary to make you aware of this issue, even though it is not Kent State's breach. This reckoning has been a long time coming. View MeazureLearning's cyber security risk rating against other vendors' scores. Weve outlined our concerns per company below. With Andy Field, Kellen Goff, Heather Masters, Cameron Miller. ProctorU Breach Information | Office of Continuing Education | Kent State University was recently notified of a security breach at one of our vendors, ProctorU. Close. Stanford University discloses data breach affecting PhD applicants, Hatch Bank discloses data breach after GoAnywhere MFT hack, British retail chain WH Smith says data stolen in cyberattack, Trezor warns of massive crypto wallet phishing campaign, Microsoft releases Windows security updates for Intel CPU flaws, CISA releases free Decider tool to help with MITRE ATT&CK mapping, Terms of Use - Privacy Policy - Ethics Statement, Copyright @ 2003 - 2023 Bleeping Computer LLC - All Rights Reserved. But while companies have seen upwards of a 500% increase in their usage, legitimate concerns about their invasiveness , potential bias , and efficacy are . Security research and global news about data breaches. This browser does not support PDFs. Anyone can be at risk of a data breach from individuals to high-level enterprises and governments. You must schedule your online exam at least 72 hours in advance of your desired testing time frame. Many colleges and their faculty members remain worried about academic integrity in the summer of 2020, at least, 93 percent of nearly 800 surveyed instructors said they believed online exams encouraged cheating. Articles, news, and research on third-party risk management. monitored: conducted online through the ProctorU system and recorded. requesting detailed information from three of the top proctoring companiesProctorio, ProctorU, and ExamSoftwhich combined have proctored at least 30 million tests over the course of the pandemic. Online exam proctoring companies like ProctorU have seen a significant uptick in light of the COVID-19 pandemic, which has caused institutions to move exams online. Open the email and click the View Incident Report button. "ProctorU has disabled the server, terminated access to the environment and is investigating this incident.