Michigan online bar exam cyberattack raises privacy concerns

Occurred: July 2020

Michigan's online facial recognition-powered bar exam was reduced to 'chaos' by a cyberattack that disrupted part of the test and prompted concerns about poor security and loss of privacy.

A distributed denial of service (DDoS) attack on ExamSoft's exam proctoring platform resulted in people taking Michigan's bar exam were unable to log-into one of the test modules, resulting in anxiety and panic. 

At the time, ExamSoft said it had been targeted in a 'sophisticated' cyberattack, and that 'at no time was any data compromised.' A number of applicants later complained that their passwords had been hacked, though ExamSoft said it was coincidental. 

The incident prompted accusations that ExamSoft had not been taking the security of its system, and the privacy of applicants, seriously.

System 🤖

Operator: ExamSoft; Michigan Board of Law Examiners
Developer: Turnitin/ExamSoft
Country: USA
Sector: Education
Purpose: Identify identity; Detect cheating
Technology: Facial recognition
Issue: Robustness; Privacy; Security