Proctortrack data breach raises privacy concerns

Occurred: September 2020

A security breach of software code and personal data at AI-powered online proctoring company Proctortrack raised concerns about its security and user privacy. 

According to Consumer Reports, analysis of leaked Proctortrack source code suggested that the company ignored basic data security practices, with suggestions that videos of students taking tests may have been accessible to unauthorised Proctortrack employees, along with facial recognition data, contact information, digital copies of ID cards, and more.

The names and email addresses of over 150 students, mostly from St. George’s University medical school in Grenada, appeared in the software in plain text. Proctortrack was suspended for seven days after the breach was discovered. Verificient, the company that created Proctortrack, said an 'imposter' accessed its server and 'emailed out fraudulent messages.'

Proctortrack later issued a statement in October stating that 'no personally identifiable information (PII) was accessed,' but the incident raised concerns about student privacy. It was also seen to raise questions about the thoroughness of vetting of online proctoring companies by colleges across the US and elsewhere. 

Operator: Rutgers University; St. George’s University; Western University
Developer: Verificient Technologies
Country: Canada; USA
Sector: Education
Purpose: Detect and prevent cheating
Technology: Facial recognition
Issue: Privacy; Security
Transparency: Governance