ProctorU Breach: Expert Commentary

In response to the recent news about ProctorU’s data breach after a threat actor released a stolen database of user records, below are some insightful comments from cybersecurity experts on this topic.


EXPERTS COMMENTS
Trevor Morgan, Product Manager ,  comforte AG
August 13, 2020
But the most damaging part of any data breach is the loss of trust and the brand reputation which can result from a data breach.
The mission of ProctorU is a good and beneficial one, ensuring that test-taking is fair and conforms to the rules. The irony in this data breach is that ProctorU specializes in monitoring (the testing process), but they overlooked the risks to their own data environment. Unfortunately, peoples’ private data is now compromised, and ProctorU must exert time, effort, and expenses in an attempt to m ....
[Read More >>]
Chris Abbey, Incident Handling Manager,  Red Canary
August 13, 2020
Individuals who are going to use proctoring software should take care to protect themselves before offering a third party this level of access to their computer.
Essentially, a remote proctoring service boasts many of the functionalities you would expect to find in a legitimate or malicious remote access tool. While this breach is said to have been limited to personal information, it raises the specter that compromising a remote proctoring service could grant an adversary some level of access to the customers of remote proctoring services like ProctorU. I ....
[Read More >>]
Adam Laub, CMO,  STEALTHbits Technologies
August 11, 2020
Sadly, this breach event looks indistinguishable from virtually any other.
One of the more interesting fields of information buried in the schema details of the Proctoru.com database is “eu_citizen”. While one can’t say for certain based on the information provided, this field almost undoubtedly exists because of the groundbreaking EU GDPR data privacy regulation, which aims to hold all organizations collecting and storing the information of EU residents accountabl ....
[Read More >>]
Saryu Nayyar, CEO,  Gurucul
August 11, 2020
Companies cannot turn a blind eye to their own security gaps.
This is a case of who’s watching the watchers! The organization charged with watching students to discern bad behavior have themselves suffered from that very fate. Companies cannot turn a blind eye to their own security gaps. In this case, the gaps were dramatic enough to leak an entire database of student data. Time to rethink behavior analytics by monitoring for bad behavior both inside and o ....
[Read More >>]
Paul Taylor, ESCALATE Mentor,  Point3 Security
August 11, 2020
Personally identifiable customer data needs to be protected against more and more sophisticated attacks.
This is another example of how exposed our digital lives have become. Personally identifiable customer data needs to be protected against more and more sophisticated attacks. Building a diverse security team that's trained to handle the ever-shifting vulnerabilities is essential to securing the data your company holds. ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article