Several Pennsylvania bar exam applicants published a letter to the Pennsylvania Bureau of Consumer Protection Wednesday requesting an investigation into ExamSoft, the software being used to administer the upcoming October bar exam. The applicants expressed concerns that recent data breaches resulted from fundamental security flaws within the ExamSoft site.
The applicants also allege that ExamSoft has made material misrepresentations in its security policies that violate the Pennsylvania Unfair Trade Practices and Consumer Protection Law:
In the letter, multiple applicants reported that they had passwords breaches and fraudulent charges on financial accounts in the days following their downloading of the ExamSoft software. The letter expresses concern regarding ExamSoft’s storage of applicants’ Social Security numbers and video and audio data after the Association for Software Testing remarked that a “cursory examination of the ExamSoft website finds very intrusive ‘features’ that grant device access a hacker would dream of. […] Software with this level of control over an examinee’s computer represents a significant security risk to examinees.”
ExamSoft has become the exclusive bar exam platform for twenty jurisdictions throughout the United States. Applicants are seeking an injunction to ensure that ExamSoft follows appropriate policies for data security for the bar exam.
The Pennsylvania Consumer Protection Bureau has not yet responded to the letter.