Authentication Strategy Can Help Fight Off University Data Breaches (Part 1)

Unfortunately college students are as susceptible as any to malware incursions.

Unfortunately college students are as susceptible as any to malware incursions.

Individuals and organizations alike must focus on protecting their identities. After all, the encroachment of malware on legitimate enterprises is more of a problem now than ever before. Everyone — from individuals to businesses to universities — is susceptible to its potentially devastating effects.

However, those who take additional measures to safeguard their identity can end up protecting themselves from having their information stolen.

Unfortunately, data breaches are a reality of the world we live in, as a continuing series of attacks on universities show. The expansive and organized nature of these attacks points to the need for all computing users to seriously consider the benefits of implementing a solid authentication plan.

Bad authentication measures cost Indiana University
Some organizations may feel that the implementation of an authentication strategy would take too much time. But the clean-up after a data breach will require exponentially more man hours 100 percent of the time.

Just ask the faculty and IT staff at Indiana University, who have spent a combined 700 hours (and counting) recovering from a breach that exposed confidential information for 146,000 students and recent graduates, according to The Bloomington Herald-Times. The hundreds of hours required to deal with the breach likely left employees having to work overtime.

The breach — which occurred at the end of February and compromised a database containing information for students who attended between 2011 and 2014 — has so far cost the university more than $80,000. A call center set up to deal with the fallout of the breach has been fielding a barrage of calls, with more than 900 so far (of these calls, about half came in on the first day the center was open).

And what was the root cause of the attack? A vulnerability in the university’s authentication infrastructure. This weakness allowed three so-called “web crawlers” to sneak into the system and covertly access it without university technology staff even realizing they were there.

The benefits of a solid authentication strategy are felt immediately. The consequences of not having one can be experienced for a long time.

That is a lesson Indiana University’s administrators are learning the hard way, as they acknowledge that the call center — which was set up at a cost of $75,000 — will remain open, since calls from affected parties are still rolling in.

“The call center is still open at least through the end of next week,” university spokesperson Mark Land said.

According to local ABC affiliate RTV6, the school was forced to spend $6,000 printing up and mailing physical letters to the 6,200 affected people who did not have email addresses recorded with the university.

The costly repercussions of this breach are serving as a warning to other organizations to better safeguard data and secure the identities authorized to access it.. But unfortunately Indiana University is not the only institution of its kind to have been recently compromised.

Tune in to Part 2 to read about more breaches on education institutions, and the authentication strategies that can prevent against future attacks.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


Add to the Conversation