Software that helps monitor university students taking exams has been shut down after the developer detected a security breach.
New York-based Verificient Technologies is the developer of Proctortrack, a program that watches students while they take online exams to ensure they are not cheating. At least two Canadian universities – University of Regina and Western University – use Proctortrack to monitor their students as they remotely take their exams from home.
Last week, Verificient revealed in a release that it had detected a security breach at one of its servers. Verificient Technologies chief operating officer Rahul Siddharth told CBC News that a malicious actor managed to log into one of the company’s servers in Europe and sent fraudulent emails. The malicious actor even “played around with some files,” Siddharth added.
The chief operating officer stated that the breach was caught within a few hours, and that the affected servers were frozen as a precautionary measure. Siddharth also gave assurances that the incident was a security breach, not a data breach, as it appears that no data was stolen.
“Our logs show there has been no data breach on the servers,” Siddharth told CBC News. “Student data has never left Canada. It’s still on their servers. We just froze that data. Canadian students don’t need to worry.”
According to a release from Verificient, the breach occurred on October 13, 2020. But students who used the software were not notified of the breach until October 15, 2020. Verificient’s announcement of the security breach did not mention which of its other clients were affected.
Emails later sent to University of Regina and Western University students and staff stated that Proctortrack systems would be down for seven to 10 days.
Prior to the security incident, students from both University of Regina and Western University had their reservations against using Proctortrack, since the software not only collects student ID information for verification purposes, but also accesses the user’s camera. But Siddharth said that the information is typically not kept more than 60 days after testing.
