SuperTalk Mississippi
News

Test provider to improve cybersecurity after breach

Photo by News Mississippi

After a data breach in 2018, a test provider for the Mississippi Department of Education has agreed to strengthen their cybersecurity.

Questar, one of several test providers for the MDE, was the target of a data breach in January 2018. During the breach, an unknown hacker gained access to testing data for over 650 students in North Mississippi.

“The MDE takes very seriously the confidentiality of student information, and any breach of our records will not be tolerated,” State Superintendent Dr. Carey Wright said at the time. “Even though this incident is isolated to a fraction of students, any type of breach is unacceptable, and we are holding Questar accountable to ensure this never happens again.”

The proper protocol was followed at the time and it appears that the data was not used “maliciously”, according to Attorney General Jim Hood.

After the breach, Questar stated that they would fully cooperate with the MDE to ensure that this would not happen again. The company has now voluntarily entered into an ‘Assurance of Voluntary Compliance (AVC)’ with the Attorney General’s Office in an attempt to improve their cybersecurity practices.

The AVC requires the following of Questar:

  • Comply with the Mississippi Consumer Protection Act
  • Promptly notify the MDE and law enforcement of any breach of security resulting in an unauthorized release of student’s personal information
  • Coordinate with MDE to notify students and parents of any breach
    •  Follow a Comprehensive Information Security Program including the following:
      o   Designate a Chief Information Security Officer (“CISO”)
      o   Conduct an annual risk assessment and implement safeguards pursuant to the assessment
      o   Train employees on privacy and cybersecurity
      o   Regularly test effectiveness and improve accordingly
      o   Select and retain service providers capable of safeguarding students’ personal information
  • Revoke all terminated Questar and MDE employees’ network access within two business days of said termination
  • Encrypt student’s personal information or use alternative effective controls in any instance where encryption is not feasible (which shall be documented)
    Appoint a Patch Supervisor who shall be responsible for timely implementing security updates and security patch management

“While we don’t know why the hacker accessed the information, fortunately, so far, we do not have evidence that the student information was taken and used maliciously. Questar has voluntarily cooperated with us to address our concerns regarding the company’s cybersecurity,” General Hood said regarding the agreement. “It’s important that state agencies contract with companies who prioritize safe handling of student data and personal information.”

Questar administers Mississippi’s statewide assessments in English language arts and mathematics, Algebra I and English II.

Stay up to date with all of Mississippi’s latest news by signing up for our free newsletter here

Copyright 2024 SuperTalk Mississippi Media. All rights reserved.

Related posts

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More