Those responsible have announced how many people are affected by the hack. Their handling of the immediate aftermath of the attack has not met with understanding alone.
761 people were directly affected by data theft at the Basel Department of Education (ED). This was announced by the authority after an analysis of the data published on the Darknet.
Files “with potentially sensitive personal content” belonging to these 761 people were probably also stolen and published. These may include, for example, clarifications by the school psychological service or the KESB.
The ED only asked the approximately 30,000 users of the hacked “eduBS” network to change their passwords around two months after the attack became known.
In the meantime, the school authorities had obtained help from an external IT security company and initiated various measures.
The canton’s late reaction triggers criticism
One has to reckon with a cyber attack these days, says Michael Wüthrich, computer science teacher at the Leonhard Gymnasium in Basel. However, the former Green Councilor criticizes the school authorities for waiting far too long before asking all users to change their passwords.
“If you discover a hacker attack, one of the first measures must be to deactivate all user accounts and ask users to change their passwords – and to do this within a short time,” says Wüthrich. In the present case, that only happened about two months after the blackmail.
Martin Lutz, a cyber security expert at the IT company Axians, agrees that the immediate request to change your password is a standard measure. “If you consider that such a well-known and large hacker group is behind such an attack, you can also assume that other users are affected.”
Normally, the passwords should be changed within 24 to a maximum of 48 hours, according to the IT expert.
“Acted according to the current state of knowledge”
Basel Education Director Conradin Cramer says he reacted immediately when the extent of the attack became clear. “When we realized that the password database was also stolen, we asked all users to change their passwords.” And with around 30,000 users, including thousands of teachers, that is not an easy task.
These were difficult decisions. On the one hand, it was not clear for a long time which data had been stolen, and school had to continue. On the other hand, by the end of January it was clear that the attack was being launched by clever cybercriminals. “In retrospect, we might have asked our users to change their passwords earlier if we had known the extent of the data theft at the time,” says Cramer.
Is the school network secure now?
The education director assumes that the network was secure again as early as January and the hackers were no longer able to steal any more data.
Computer science teacher Wüthrich is skeptical. He thinks it’s possible that the hackers still have certain access points. He also has a guess as to why the education department reacted so late. “From my point of view, an attempt was made to let the whole thing disappear under the radar. Hope is good, but action is better.”