Indiana Department of Education technicians dealing with the second hacking attack this week on the agency’s website are closely monitoring the site after installing a fix intended to end its vulnerability, a department spokesman said Friday.
The DOE’s website was hacked Monday and Thursday and taken down for a few hours both times by staffers after the situations were discovered, agency spokesman Daniel Altman said.
He said no education department data was compromised in either attack. While the DOE’s main page was affected, the agency’s data, including student test scores and school and corporation data, are kept on different servers than the one that runs the website, Altman said.
In both of this week’s attacks, a message was posted on the website claiming that the hackings were done by Nigeria Cyber Army, although it’s unclear who was actually responsible, he said.
The DOE website was one of many that use the content-management system Drupal which were recently hit by hackers. The firm issued an advisory Oct. 29 urging its customers to quickly install the recommended patch.
Altman said that patch was installed late Thursday afternoon and is expected to prevent further attacks.
“That’s our anticipation. Obviously we’re going to be monitoring it constantly and any way we can strengthen the security around it we’re going to do that,” he said.
Indiana’s other state-run websites were not affected by Drupal’s vulnerability because those sites use a different content management system, said Graig Lubsen, the Indiana Office of Technology’s broadband executive.
Lubsen said Indiana “is one of the few” states, if not the only one, that have virtually centralized its website hosting and support services. He said the Office of Technology consolidated those websites services in 2008 in a cost-cutting step.
The Department of Education, however, does not use any of those services due to a decision that predates both current state schools Superintendent Glenda Ritz and her predecessor, Tony Bennett, Lubsen said.