Data breach disclosed by Oregon State University

data privacy

Oregon State University is one more in a line of North American universities to have experienced a data breach in recent weeks.

Oregon State University (OSU) has disclosed a data breach which may have compromised the personal and private data of students and their families.

Last week, OSU revealed that 636 records of student and corresponding family data may have been exposed following a security intrusion in May of this year.

While precise details have not been released regarding the material caught up in the data breach, personally identifiable information (PPI) can comprise names, residential addresses, telephone numbers and social security numbers. However, financial data are not normally filed under the PII umbrella.

OSU has blamed the data breach on a phishing campaign to which an employee fell victim. The staff member’s email account was infiltrated and records stored in that email account were stolen.

Vice president for OSU university relations and marketing, Steve Clark, said:

“OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information.

“While we have no indication at this time that the personal information was seen or used, OSU has notified these students and family members of this incident.”

The data breach victims and their families have been offered credit monitoring services, while a phone line has been set up to give advice to those affected. OSU has said that the data breach has now prompted a full review of the school’s IT systems.

Graceland University in Missouri fell victim to a potential data breach earlier this month, when it was discovered that unauthorised parties gained access to staff email accounts on three separate occasions.

The university did not reveal how many records had been exposed, but Graceland admitted that social security numbers, birth dates, residential addresses, telephone numbers, wages information and financial aid data could have been compromised.

Last week, Missouri Southern State University also revealed that it had been the victim of a data breach, after a targeted phishing campaign infiltrated employee email accounts.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.