Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

Security Data Breaches Round Up: Higher Education

Higher Education’s Records Are Key PII and Credential Theft Targets

Where there is data to be harvested for fraud, there will be breaches. The question arises, why is a specific vertical industry more susceptible to breaches than others?

The irony for the education vertical is that much of it comes down to security awareness and risk education itself for students, teachers, administrators, and university and college employees.

Similar to the government vertical,

● Education legacy systems are generally a security issue

● Education technology departments have many regulations to comply with

● Education is viewed as easier targets

Also, the proliferation of technology use within the vertical coupled with an adoption of cloud technology use for educational purposes is exciting, yet very challenging to manage from a risk point of view.

In other cases, universities are being targeted by more sophisticated attackers when the numbers will yield a very large PII crop. The University of Maryland experienced a very large breach earlier this year that saw 300,000 data records with Social Security Numbers included. Similarly, Ohio State University was hit by an attack that affected 750,000 records in 2010.

SecurityScorecard is keeping a close watch on the vertical, and offers a roundup of breaches, research, and other key findings we have noticed over the last month.

The Roundup

Universities Increasingly Vulnerable To Cyberattacks

Higher education increasingly vulnerable to security attacks. The amount of data generated by the student population in the university ecosystem is the main reason they are targets.

End Users in the Education Sector Are Twice as Likely to Visit Malicious Sites

Students, teachers, and administrators in education are twice as likely to visit malicious sites than other end users in other industries. They are 20 times more likely to encounter websites impacted by BlackHat SEO than any other sector.

Harvard University suffers IT security breach

Harvard University has reported a breach of their IT services starting from June 19. The only compromised data reported as of yet has been login credentials and no other PII.

Hacktivist group possibly compromised hundreds of websites

CSO reported database and PII dumps at universities including: USC, Princeton UCHV, University of Maryland, and the University of Delhi, and the group has been keeping a headcount on Twitter with all their purported attacks.

Algonquin College server hacked but no data taken, college says

More than 1,000 pieces of data compromised in server breach of Algonquin college. Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected. he nursing program is delivered with the University of Ottawa, while the IT program is delivered with Carleton University.

University of Baltimore affiliated website hacked

Baltimore Neighborhood Indicator Alliance, which is affiliated with the University of Baltimore Business School, was breached to reflect images of ISIS. Website was not secured and was using outdated WordPress version which had many vulnerabilities.

UST Museum website hacked, shows ‘warning from China 1937CN team’

The University of Santo Tomas Museum of Arts and Science was breached and displayed an altered home page reflecting territorial dispute sentiment over the West Phillippines sea.

University Of Madrid Is Hacked By KelvinSecTeam

The University Of Madrid in Spain was evidently hacked and PII was exposed in a dump.





How SecurityScorecard Works



The Problem With Corporate Email Addresses on Social Networks
[Case Study] How To Operationalize Third Party Risk Management