The Georgia Institute of Technology has announced that they detected unauthorized access to their network, exposing the personal information of 1.3 million individuals, including students, applicants, former and current members of their faculty personnel, and staff. The IT team of the institute is currently investigating the incident to figure out who has been affected, and send notification letters to all of them, as required by law. The access occurred on the central database level, which contains highly sensitive personal information like full names, addresses, social security numbers, and birth dates.
This, however, doesn’t mean that all of this data has been leaked ‘ipso facto’, as the forensic investigation that will give an explicit answer to this is still ongoing. The university has notified the U.S. Department of Education who will undertake the role of overseeing the notice distribution to those who had their PII exposed. The access to the central database was achieved through a web application that was later blocked, while the cybersecurity team of the university has also notified its developer of the fact. No further details about the actors behind this breach are known yet, and the team is working towards securing their database from unauthorized access in the future before they focus on tracing back the penetrator.
This incident is regrettable for a university that offers highly specialized cybersecurity courses, leading the innovation in the field, and receiving multi-million state investment funds for the development of relevant training facilities. As a state, Georgia has followed a very pragmatic and conscious approach to cybersecurity standard, but this didn’t help them avoid falling victim of a ransomware attack a couple of weeks back. This goes to show that hackers can always find a way in, no matter how robust the security systems may seem to be.
CEO of Bitglass, a cloud security firm has made the following statement: “On Georgia Tech’s website, it boasts of 173 industry collaborators and 62 U.S. patents issued in 2017 alone. If the university doesn’t tighten its security controls, this kind of proprietary data is likely to be placed at risk. This is particularly true now that organizations are storing and sharing data in the cloud more than ever before.”
Share your thoughts on the above in the comments section below, and don’t forget that you can do the same on our socials, on Facebook and Twitter.