Proctortrack suspends service following breach, impacting FEAS & Smith

Canadian student data safe, frozen on servers

Queen’s has been implementing the Multi-Factor Authentication since the summer.
Photo: 

Thanks to technological issues, remote midterms aren’t going quite as planned.

Proctortrack detected a security breach on Oct. 13 at 3:30 p.m. After the breach, it suspended its service for 10 days to conduct maintenance. 

The service published a statement releasing the details of the breach on Oct. 14, and Queen’s published a press release informing students of the effects on Oct. 16.

The shutdown will affect some students in the Faculty of Engineering and Applied Science (FEAS) and the Smith School of Business, according to the University. 

FEAS will use Examity to proctor its midterms, and Smith has moved to non-proctored midterm assessments. Instructors will email the affected students with updates on their exams.

“To date, our security team has reviewed the incident and implemented safety measures against the breach and secured any exposures to avoid any further threats or intrusions,” Proctortrack wrote in the statement.

READ MORE: Queen’s begins search for new Chancellor

According to an additional statement on Oct. 17, Proctortrack has “contained” the issue and is “in the process of assessing the impact.”

“At an organization level, we work closely with Cybersecurity experts to reduce the risk of security and data breaches,” the service wrote. 

“We have invested heavily in our IT Security Systems, and that investment has been successful in the sense that it reduced the risk presented by many attackers.”

In an interview with CBC News, Rahul Siddharth, CEO of Verificient Technologies, the company which developed Proctortrack, said the company’s servers in Europe were hacked by a “prankster.”

The “prankster” accessed the servers by pretending to be a Verificient employee. 

According to Siddharth, Proctortrack detected the breach within a few hours and froze its servers, so no student data was leaked.

“Our logs show there has been no data breach on the servers,” Siddharth said. “Student data has never left Canada. It’s still on their servers. We just froze that data. Canadian students don’t need to worry.” 

READ MORE: Queen’s chooses Examity, Proctor Track for upcoming exams

Western University was also affected by the breach. Student assessments which had intended to use Proctortrack were suspended, and instructors were told to find alternative solutions.

Queen’s announced it had selected Examity and Proctortrack as its two remote proctoring services in early October.

It made the decision after determining both services met the University’s privacy and security requirements.Both programs have been used at Queen’s in the past and will continue to be used in the future.

Last week, a petition started circulating online asking the University to let students opt out of remote proctoring for exams. As of Oct. 20, it had 250 signatures.

The petition cites “significant privacy concerns” with Examity and Proctortrack, as they each require students to submit personal information, including their student ID and address.

Proctortrack verifies students’ identities using facial recognition technology and uses the computer’s camera to monitor their behavior during the assessment, including possible incidents of cheating.

“I recognize that with the pandemic, there are challenges that Queen’s must face in maintaining academic integrity. However, the privacy concerns inherent in both Examity and ProctorTrack cannot be ignored,” the petition stated.

“Therefore, I encourage the university to allow students to opt out of remote-proctored exams if they have privacy concerns and to work with professors to prepare alternate examination formats for those students.”

READ MORE: Challenges with remote exam delivery cause stress during finals

Prior to the breach, Queen’s was promoting cybersecurity.

The University launched the Multi-Factor Authentication (MFA) initiative this past summer to double-check the identities of those accessing Queen’s online resources. As of Oct. 1, 49 per cent of Queen’s staff members and 16 per cent of student-staff had enrolled in the program.

According to Jennifer Doyle, chief information officer and associate vice-principal (IT Services), MFA is “strongly encouraged” for students. The program will be rolled out to students during the fall term in three-week enrolment windows.

“MFA is being deployed using a wave-based approach to manage the impacts to different user groups and to ensure the IT Support Centre is able to effectively support the entire campus community,” Doyle wrote in a statement to The Journal.

Students don’t need to wait to be notified of their enrolment time. However, they can enroll any time using the instructions on the IT Services website.

Want to see more like this? Subscribe to our newsletter, Campus Catch-Up to receive regular updates right in your inbox.

When commenting, be considerate and respectful of writers and fellow commenters. Try to stay on topic. Spam and comments that are hateful or discriminatory will be deleted. Our full commenting policy can be read here.