Site Falsely Claims WSIPC has a Security Vulnerability
May 29, 19
An online site has written an article, FALSELY stating that WSIPC has a security vulnerability. Employees from ESD105 and OSPI brought this article to WSIPC’s attention, and OSPI is aware that the information in the article regarding WSIPC is FALSE. The article can be found at https://arstechnica.com/information-technology/2019/05/two-years-after-wannacry-us-schools-still-vulnerable-to-eternalblue/.
WSIPC servers were patched in 2017 to protect against the WannaCry virus. Known types of this vulnerability DO NOT exist on any of the servers used by WSIPC. This vulnerability has also never been flagged by any of our independent security audits or security scans, which are conducted annually.
WSIPC does own a vast bank of IP addresses used by school districts, and we have no control over how those servers are maintained or updated. It is possible that the author of the article pinged those IP addresses, which would return WSIPC as the owner.
We are aggressively pursuing a retraction from the Arstechnica association.
At WSIPC, Data Security is a Top Priority!
We take our obligation to protect the privacy and security of your data seriously, and we take the following measures to protect it:
- Data Ownership – WSIPC never discloses or shares student-level data, to any party outside of state or federal entities, without the approval of the district.
- Data Security – Security assessments are conducted on WSIPC systems annually, by independent companies. The results of the assessments are used to ensure that our system security is continually updated to meet the ever-growing threat of cyber security attacks.
- Security Awareness – WSIPC participates with the following resources, among others, to stay informed and engaged:
- Student Data Privacy Consortium (SDPC) – a national alliance of states, districts, vendors, and policy makers. WSIPC has been part of this organization since its inception.
- National Center for Educational Statistics – a multi-state forum operated by the US Department of Education.
- Future of Privacy Forum (FPF) – a non-profit organization that serves as a catalyst for advancing principled data practices and fostering privacy leadership and scholarship.
Student data privacy is a top concern for WSIPC, and we will continue to do our utmost to ensure that your data is protected.
To learn about WSIPC’s security policies and practices, see our Data Privacy page on our website, or contact us at firstname.lastname@example.org or 425.349.6600.
WSIPC is a non-profit cooperative that provides technology solutions, services, and support to K-12 schools and ESDs. WSIPC’s purpose is to help schools do more with every dollar and to empower them with the tools to work smarter. To learn how to become a part of the WSIPC Cooperative, visit our website or contact us at email@example.com or 425.349.6600.
Inspired by education. Empowered by technology.TM