Confidential exam papers were leaked using nothing more than a USB drive. This incident demonstrates how traditional data-leak channels can defeat high-level security policies. Insider threats don’t always rely on sophisticated cyberattacks.

In this article, we examine a recent incident in South Africa in which students gained illegal access to exam papers and were caught red-handed. Illegal access to such documents erodes society's trust in the fairness of the exam system and could significantly boost an individual's chances of being enrolled in a preferred university.
According to an official statement from the Department of Basic Education, the issue was first identified by exam markers, professionals trained to spot unusual or suspicious answer patterns. They noticed anomalies in the responses of one student, whose answers closely matched those in the official marking guide. The markers immediately alerted the department and initiated an investigation. Soon after, investigators found similar oddities in the exam answers of additional graduates.
As the investigation progressed, more details became available. The initial concerns focused on the English Home Language Paper 2. Later it was discovered that six more papers were affected by the same issue: English Home Language Papers 1 and 3, Mathematics Papers 1 and 2, and Physical Sciences Papers 1 and 2. The number of suspected graduates rose to 26, from seven schools in a localized area of Pretoria.
Some of the graduates have already confirmed that they had unauthorized access to the exam script and answers. The investigation identified the source of the leak: an employee of the Department of Basic Education who copied confidential documents to a USB drive and later sold them to another department member, who is a parent of one of the graduates. As a consequence, exam scripts were shared via USB drive among the graduates' parents.
As a result of the investigation, learners who are found guilty of cheating will be banned from exams for three exam cycles. Suspected department employees were suspended from their positions and could face a harsher punishment. The South African Police Service could bring criminal charges against them, including for the unlawful possession and distribution of stolen state examination materials.
Almost a year ago, the Department of Basic Education was affected by another data leak. At the time, it was rumored that an insider had disclosed exam results. Now, we are seeing a new incident in which exam scripts and answers have been exposed. This breach clearly shows how important it is to protect sensitive information across all data transmission channels.
To help organizations stay safe, the SearchInform team has developed Risk Monitor, a Next-Gen Data Loss Prevention (DLP) solution. Risk Monitor brings together multiple protective capabilities in one platform, including data classification, monitoring of data transfers, and proactive protection features such as digital watermarks. It prevents suspicious data transfers across all major communication channels. It covers a broad range of information-transfer paths, including traditional ones such as USB devices, which continue to pose a persistent security risk.
Risk Monitor’s effectiveness is further strengthened by AI-powered security rules and advanced detection features.
Start a new era of security today: request a complimentary audit and see how Risk Monitor can help protect your organization.