Security Data Breaches Round Up: Higher Education
Higher Education’s Records Are Key PII and Credential Theft Targets
Where there is data to be harvested for fraud, there will be breaches. The question arises, why is a specific vertical industry more susceptible to breaches than others?
The irony for the education vertical is that much of it comes down to security awareness and risk education itself for students, teachers, administrators, and university and college employees.
Similar to the government vertical,
● Education legacy systems are generally a security issue
● Education technology departments have many regulations to comply with
● Education is viewed as easier targets
Also, the proliferation of technology use within the vertical coupled with an adoption of cloud technology use for educational purposes is exciting, yet very challenging to manage from a risk point of view.
In other cases, universities are being targeted by more sophisticated attackers when the numbers will yield a very large PII crop. The University of Maryland experienced a very large breach earlier this year that saw 300,000 data records with Social Security Numbers included. Similarly, Ohio State University was hit by an attack that affected 750,000 records in 2010.
SecurityScorecard is keeping a close watch on the vertical, and offers a roundup of breaches, research, and other key findings we have noticed over the last month.
Higher education increasingly vulnerable to security attacks. The amount of data generated by the student population in the university ecosystem is the main reason they are targets.
Students, teachers, and administrators in education are twice as likely to visit malicious sites than other end users in other industries. They are 20 times more likely to encounter websites impacted by BlackHat SEO than any other sector.
Harvard University has reported a breach of their IT services starting from June 19. The only compromised data reported as of yet has been login credentials and no other PII.
CSO reported database and PII dumps at universities including: USC, Princeton UCHV, University of Maryland, and the University of Delhi, and the group has been keeping a headcount on Twitter with all their purported attacks.
More than 1,000 pieces of data compromised in server breach of Algonquin college. Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected. he nursing program is delivered with the University of Ottawa, while the IT program is delivered with Carleton University.
Baltimore Neighborhood Indicator Alliance, which is affiliated with the University of Baltimore Business School, was breached to reflect images of ISIS. Website was not secured and was using outdated WordPress version which had many vulnerabilities.
The University of Santo Tomas Museum of Arts and Science was breached and displayed an altered home page reflecting territorial dispute sentiment over the West Phillippines sea.
The University Of Madrid in Spain was evidently hacked and PII was exposed in a dump.