Recently, a successful cyberattack hit Oregon State University compromising personal information of hundreds of students including their family members. The university announced that a total of 636 students and family’s records containing personally identifiable information were compromised due to a cyberattack that occurred in early May 2019.
Individuals outside the university hacked an OSU employee’s e-mail account and used it to send phishing e-mails across the nation. OSU undergone investigation with the help of cyber security specialists and found several documents in the breached inbox of the OSU employee’s e-mail account that contains personal information of 636 students including their family members.
The university has not yet made it clear to the public what type of information has been compromised, but in general, this personal information could include names, addresses, dates of birth, phone numbers, personal email addresses, and emergency contact details. Financial records, in general, are not considered in the data leaks.
Steve Clark, the university’s vice president for university relations and marketing, said in a statement that OSU is conducting an investigation to determine whether the cyber attacker either viewed or copied these documents with personal information. Even though there is no indication that the personal information was seen or used, OSU has notified its students and their family members regarding the incident. He also added that the university is offering information about support services that are available, including 12 months of credit monitoring services that the university will enable at no cost.
Mr. Clark made it clear to the public that the employee in question has access to personal information of students and their family members because it is part of the employee’s work. The employee worked with prospective students to determine if they could be admitted to the university or could qualify for financial aid.
The university is now under going fraud monitoring and providing online fraud prevention to its systems as well as reviewing many protection procedures and IT systems the university uses to guard its information systems, e-mail accounts, and student and family records. Mr. Clark also added that they will continue to monitor such efforts and systems, and take further steps to protect the university’s information technology and sensitive data.
The university also set up customer service call center to provide people whose data could have been accessed through the breach information about how to monitor or freeze their credit, if they believe it is necessary.
Aside from the Oregon State University’s cyberattack, similar data breach attacks have also been reported targeting numerous universities. One of these universities that suffered massive data breach was the Georgia Institute of Technology, popularly known as Georgia Tech. Georgia Tech suffered data breach compromising 1.3 million staff and student records after attackers exploited a web app vulnerability.
Graceland University in Missouri also suffered data breach when it was discovered that an unauthorized party gained access to staff email accounts on three separate occasions.The university did not disclose the affected records but eventually, the university admitted that the compromised data includes social security numbers, birth dates, residential addresses, telephone numbers, wages information and financial aid data.