On Wednesday, October 14, eCampusOntario was made aware by Verificient Technologies that their remote proctoring platform, Proctortrack, is experiencing a system-wide disruption.
These challenges were communicated to to member colleges and universities, and eCampusOntario will provide ongoing updates on this page as they become available:
October 22, 9:00 AM EST
- We have resumed the service in a staged fashion and Proctortrack- Level 1/2/3 will be available to the users from today afternoon and Level 4 from tomorrow.
- We will continue to monitor the progress and will get back to you if there is anything that we need to update you on.
- If you have the exams over the next 4days then please let us know so that we can keep track of our support channel to see any issues reported.
October 21, 5:00 PM EST
We are on the expected timeline to make Proctortrack available for our customers tomorrow. Here is the public statement that we posted on our website:
October 19, 12:00 PM EST
Following security and privacy measures have been implemented to prepare ourselves to go live this week. Most important among these are a data privacy tool for students and 2FA for institutions using direct access to our dashboards.
Privacy measures:
- Students are concerned about what data is collected and when will they be purged. Towards that, a privacy tool for students/learners has been implemented is being rolled out to allow learners to see what proctoring data Proctortrack still has and when will they be purged
- Students are concerned about their photo IDs being stored for too long. Now, an institution-level configuration has been added to allow institutions to have their photo IDs purged immediately after their approvals.
Security measures:
- Our automated testing server was breached because of insecure access control and vulnerability. The automated testing server has been patched and put behind a firewall.
- Our automated testing server had a portion of the development version of our source code. Hence, we are taking the following security measures:
o URL patterns in source code have been updated
o The way configurations are handled in the code has been updated
o Settings parameters have been updated
- Some emails were sent spoofing Verificient support addresses. Anti-spoofing measures have been implemented on Verificient email providers. More measures are being implemented in the next one day.
- The review recommended to use stricter access control for dashboards used by institutions that do not use LMSes or SSO. 2FA has been implemented for all dashboards that can be accessed without SSO.
October 18, 5:00 PM EST
Proctortrack will be ready to resume its Level-1/2/3 proctoring services on Thursday, Oct 22nd, earlier than originally planned. Live proctoring will resume on Friday, Oct 23rd.
We are making this decision based upon the security review feedback so far involving our infrastructure, our codebase, and our access controls. We have completed the implementation of all of the major suggested measures.
The forensic review is still in progress and there has not been any sign of data breach.
October 17, 5:00 PM EST
“Here is an update as of 5:00 pm EST, Oct 17th, 2020
- The external forensic and cybersecurity team are continuing their review process.
- We have another team testing for any vulnerabilities and searching for any security gaps.
- So far, there is no sign of any data breach or any unauthorized data export.
The FAQ page has been published on our website.”
October 16, 6:29 PM EST
- External review has started and in progress
- There is no sign of any data breach based on our assessment
- Our focus remains on communication and working towards bringing our operations back
- Towards improving user access control, we are implementing 2FA for institution instructors and reviewers accounts
- As per the current audit and review progress, we plan to resume services on 26th Oct 2020.
We understand the difficulty and concerns this disruption has caused to you and your users. We thank you for your support during this cautionary measure that we have taken.”
October 15, 12:20 PM EST
Due to the sensitive nature of data privacy and security and to give the highest level of protection to our Clients and Users, we have taken the tough decision to shut down our systems and services, to prevent any unauthorized access, until we can determine whether or not this is a serious breach, and that we have remedied the situation.
Verificient has suspended Proctortrack services on October 14th, 2020 at 6pm EST. We anticipate that this may take a number of days for a thorough security review and an external audit.
To date, our security team has reviewed the incident and implemented safety measures against the breach and secured any exposures to avoid any further threats or intrusions. Any test taker attempting to start a Proctortrack test had been shown a notice asking them not to start the proctored test.
Please contact your Client Service Representative for details. More updates will be provided as our security review continues and progress is made.
Once this is resolved, we will work with you to the best of our ability to get you and your users back on track. We understand that this will cause tremendous difficulty for you and your users and we sincerely apologize for this.
Thank you in advance for your patience while we work to protect you and your users.
October 14, 8:47 PM EST
We, at Proctortrack, detected a security breach because of which our services experienced a disruption yesterday on 13th October 2020 at around 3:30 pm EST. So far, our security team has reviewed the incident and implemented additional safety measures against the detected risks or exposures to any related possible incidents. Our alert systems notified us of the current breach in one of our servers used for automated testing (QA).
We have resolved the observed breach to avoid any further threats or intrusions. In the light of this security breach, as a cautionary measure, we have taken the tough decision to shut down our systems and services, we anticipate that it may take 7-10 days for a thorough security review and an external audit. Any test taker trying to start a Proctortrack test had been shown a notice asking them not to start the proctored test.
We have stopped the service at around 6 pm EST. Any student who may be in the middle of a proctored test will not see any interruption. I understand that this will cause tremendous difficulty for you and your students and I sincerely apologize for this. We shall provide you more details as our security review continues.
We will keep you updated with the daily communication with the progress that we make. Once this is resolved, we will work with you to the best of our ability to get you and your users back on track
October 14, 4:00 PM EST
We have had a security breach because of which Proctortrack service experienced a disruption yesterday starting at around 3:30pm EST for about 45 mins on 13th Oct,2020. During this period, there was an unsolicited email sent from our Support tool to some of the users.
Our security team has reviewed the incident and we have verified that no bio-metric data, videos, images or any recorded data have been affected or exposed.
We have taken necessary measures, including the updating of security keys and review of access controls.
We are continuing to review the incident and we will provide another update within the next 24 hours.