Ljubljana – A popular online grade book used by hundreds of Slovenian schools and an estimated 35,000 teachers has been compromised in an apparent phishing attack that has affected an as yet unknown number of grades.
The grade book system, called eAsistent, was compromised via a fake website with the help of which teachers’ login credentials were stolen and then used to log into the genuine system, according to the developers of the platform, the company eŠola.
“The operation and security of eAsistent was not jeopardised, it was just that the login credentials of certain teachers who were targetted by attackers were compromised,” the company’s head of security Sašo Volčjak told the STA.
The phishing site has already been taken down.
The statement comes in the aftermath of media reports stating that perpetrators had advertised access to the grade book to students on social networks.
According to Delo newspaper, the students were instructed to open the phishing website on school computers to lure teachers into entering their login credentials. This way, the perpetrators had access to the data.
It remains unclear for now how many teacher accounts were compromised. The developer says the tool has a built-in audit trail so it was possible to determine if there was any unauthorised changing of grades.
The company said a criminal investigation had been launched.
Gregor Pečan, the head of the Association of Primary School Head Teachers, said the incident was probably an act of “mischief” that had potentially grave consequences.
But he downplayed the severity of the breach saying that the majority of teachers still had a backup of grades in hardcopy.
Nives Počkar, the head of the Association of Secondary School Head Teachers, meanwhile invoked long-standing concerns about a private company handling such sensitive personal data.
“We’ve often alerted the Education Ministry to that, but they’ve done nothing. Schools still have to abundantly finance outside contractors to store all this data, which is wrong,” she said, hopeful that the incident would trigger change.