
E-diary under the microscope of hackers. Librus appeals to the Ministry of National Education for mandatory security measures

Even the best-designed and secured system will be susceptible to incidents if users do not use security measures – emphasizes Librus, the supplier of one of the e-journals, in a letter to the head of the Ministry of National Education. At the same time, it calls for the introduction of an obligation to use stronger security measures.


Librus hack

Last Sunday, the Librus electronic journal at the Stanisław Staszic Economic and Catering School Complex in Otwock near Warsaw was hacked. According to the school, this was done by taking over the account of one of the teachers.

On Monday, commenting on this matter, Education Minister Barbara Nowacka said that she had received information about three cases of hacking into e-journals. She emphasized that the ministry is not responsible for creating electronic journals and storing databases.

“This is a strictly commercial activity. We don't know the reasons (for the break-in – PAP), so I wouldn't like to talk too much about why it happened, what happened, because we simply don't know,” she said. She noted that the ministries of education and digitization are working on creating a central, state electronic journal. The login system is to be based on mObywatel.

Poland is working on a state e-journal

In turn, Deputy Minister of Education Katarzyna Lubnauer, referring to the issue of hacking into e-journals, said that “among other things, we are creating a state electronic journal to be sure not only about accessibility, that it will be a tool available for free to teachers and local governments, but also for security reasons.”

Teacher's account has been compromised

The President of Librus Sp. z o. o., Marcin Kempka, in an open letter sent on Tuesday to the head of the Ministry of National Education, emphasized that at the school in Otwock “the system was not 'breached'; rather, the teacher's account was taken over and used for activities in the electronic journal of a specific school, i.e., to put it simply, there was unauthorized use of the teacher's login and password.” “It is worth emphasizing that incidents involving the interception of authentication data are today one of the most common cybersecurity problems in many industries, often including Polish schools – regardless of whether the system the institution uses is commercial or state-owned,” he added.

“However, it must be honestly said that even the best-designed and secured system will be susceptible to incidents if users do not use the security measures made available to them. Both at the level of single user login and at the level of solutions made available to the system administrator, i.e. the school,” Kempka pointed out.

He noted that the current standard for increasing account security is two-factor authentication, i.e. the so-called 2FA.

“For Librus, the security of data of students, parents and teachers is an absolute priority area. We have been providing schools with tools such as 2FA for years. We invest in technical security, monitoring and mechanisms limiting the risk of access data being compromised. We conduct training and educational campaigns,” he said.

“However, we know from practice that in the absence of clear legal requirements in education and organizational support for institutions, many of them do not implement this solution,” Kempka wrote. He reported that only 18.63 percent of teachers currently use 2FA to log in to the Librus e-journal.

“Unfortunately, this means that as many as 81.37% of teachers' accounts do not require the second component, i.e. they are potentially at risk of having their access taken over. Unfortunately, m-Obywatel or an alternative in the form of a public system will not change this, because the problem is not the lack of available security tools, but the lack of awareness that using them is necessary in today's reality,” he noted.

“After many years of educational activities conducted by us and other companies, it is clear that education itself – without requirements and legislative support – has natural limitations,” Kempka wrote.

This is why he calls for an amendment to the regulation on keeping documentation of the course of teaching and for the introduction of binding provisions requiring the use of 2FA in e-journals, so that it covers every school and every system, commercial or public. “As long as the safety of using electronic journals by school employees is omitted in educational regulations and therefore 'optional', such situations will continue to repeat,” he added.

Someone changed students' grades

The management of the Economic and Catering School Complex in Otwock issued a statement in which they informed that on Sunday a breach of personal data protection was detected, consisting in unauthorized access of a third party to the account of one of the school's teachers. The perpetrator made unauthorized modifications to mid-year grades in Polish and sent vulgar and offensive messages. “The breach concerns the personal data of students and their parents/legal guardians, including: names and surnames, information about academic results, information about attendance and contact details related to the journal account,” it was reported.

The school informed that immediately after discovering the violation, actions were taken to clarify the reason for the disclosure of data and implement actions to prevent such situations in the future, and that the account used by the perpetrator was blocked and correct grade documentation was restored. It was added that school employees were trained in the principles of safe processing of personal data and received guidelines on the use of IT systems. “As part of actions to prevent similar situations from occurring in the future, a decision was made to remind employees of the principles of securing personal data in IT systems,” we read. The breach was reported to the President of the Office for Personal Data Protection and the Police. The school recommends that parents and students, among other things, change the password for the e-journal and the e-mail associated with it, immediately change passwords on other websites (if they used the same password) and remain vigilant against possible attempts to extort data via e-mail and SMS messages.

Pursuant to the regulation of the Minister of Education on the manner in which public kindergartens, schools and institutions keep documentation of the course of teaching, educational and care activities, a school may, but does not have to, keep an electronic journal. If the managing body decides to keep an e-journal in schools, it selects the supplier and the school must comply with the security requirements specified in the regulation. (PAP)

dsr/ktl/

Ashley Davis
