What should I do if someone else has logged into eKool account and made entries?
Question
What should I do if my eKool user account has been taken over and changes have been made to it?
Answer
Attention!
Teachers, class teachers, and school staff must be particularly attentive!
- Change your eKool password immediately
- Instructions on how to change your password in eKool - Password Change
- If your password has been changed during the account transfer, read more about How to reset your eKool password.
- Find out how two-step authentication (2FA) has been bypassed
- If necessary, change the login password for this security method (e.g. email address)
- Has anyone had access to your phone (SMS)?
- Is the device password known to several people (security key)?
- If someone has sent offensive or inappropriate messages from your account:
- Click on the conversation -> open the menu (i) -> save the conversation as a *.pdf file. This file will be needed as evidence for the police.
- If you want to delete a message:
- Click on Trash icon next to each message in the conversation to delete it. When deleting, there are two options: select Delete for everyone! Do not select the first option, which only deletes the message for the teacher.
- Each message author has 24 hours to delete their messages, so you must act quickly.
- If the account belonged to a teacher or class teacher, check the following:
- Journal: Have any changes been made to grades, comments or lesson decriptions?
- Student remarks and feedback.
Attention!
Gradings, comments, and feedback can only be deleted by a teacher.
Logs remain intact. If you want to know what the original grade was:
- Ask your class teacher or school principal for help – these roles can view the student's news feed in eKool, where the information is stored for up to 30 days.
- Notify the police.
- If it was a malicious intrusion, file a report with the police.
- If necessary, ask for help from the school's IT specialist or principal.
- After initiating proceedings, the police will contact eKool for additional information if necessary.
- Notify the Data Protection Agency
If the privacy of a student or employee's data was violated when the account was taken over:- The school must register the incident with the Data Protection Agency.
- This must be done no later than 72 hours after becoming aware of the violation.
It is definitely necessary to talk about cyber hygiene! Cyber hygiene is important – pass on recommendations about passwords, two-step authentication, and account protection.