Georgia Institute of Technology has revealed it suffered a data breach after one of the college’s web apps exposed the information of 1.3 current students and alumni.
Student application forms and employee data are also thought to have been caught up in the breach at the Atlanta-based institution.
Having first been uncovered in March, Georgia Tech officials say that a team of engineers is currently assessing the extent of the disruption. While investigations are still in initial phases, it appears that names, addresses, social security numbers and dates of birth are among the compromised data.
The college said:
“The U.S. Department of Education and University System of Georgia have been notified, and those whose data was exposed will be contacted as soon as possible regarding available credit monitoring services.”
The data breach adds pressure on the college following an incident in 2018, when 8,000 students had their details forwarded to incorrect recipients.
Despite these hiccups, Georgia Tech has been developing a reputation as a cybersecurity hotspot. A $60 million funding announcement made in January 2017 sent out a clear message about the school’s ambitions as an educational leader in the sector.
The money was dedicated to the building of a cyber training facility at the university that will bring academia, private industry and government arms together to push cyber-security standards across the state.
Quick to pick up on the potential embarrassment of Georgia Tech’s two data breaches in as many years, SecurityFirst CMO Dan Tuchler, said:
“How ironic that a university with a high ranking in computer science, which offers courses in cybersecurity, got hacked.
“This in a state which has had privacy regulations in place – the Georgia Personal Identity Protection Act – since 2007. This is a clear example of the need for encryption of personal data. Hackers always find a way in and they need to be stopped before they get the personal data.”
Bitglass CTO, Anurage Kahol said:
“On Georgia Tech’s website, it boasts of 173 industry collaborators and 62 U.S. patents issued in 2017 alone. If the university doesn’t tighten its security controls, this kind of proprietary data is likely to be placed at risk.
“This is particularly true now that organisations are storing and sharing data in the cloud more than ever before.”
VP of global strategy at ForgeRock, Ben Goodman said:
“Academic institutions are a growing target for attacks given the personally identifiable information they collect for tens of thousands of students, employees, donors and partners. This data will quickly make its way to the dark web where it will be used for identity theft, synthetic identity creation and robotic account takeovers.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.