Authentication Strategy Can Help Fight Off University Data Breaches (Part 2)

Authentication measures can protect students' data.

Authentication measures can protect students’ data.

In Part 1, we discussed a breach on a database at Indiana University. The breach — which resulted from a vulnerability in the school’s authentication measures — cost the school upwards of $80,000, not to mention more the than 700 hours of work it has taken to recover, according to The Bloomington Herald-Times. But unfortunately, Indiana is not alone in grappling with breaches that attack a university’s vulnerabilities.

A problem in North Dakota affects nearly 300,000
February appears to be the month of university attacks. In the same month that Indiana University fell victim to its breach, the IT team at North Dakota University was dealt a similarly unfortunate hand, according to The Associated Press.

The breach attacked a database containing highly privileged information for almost 300,000 students, as well as more than 700 members of faculty and staff. Because this data included Social Security numbers, the campus swung into top defense mode.

“It is very unfortunate that this happened,” the University’s interim chancellor Larry Skogen said. But the university added that to its knowledge, none of the potentially breached information had been stolen.

Like Indiana University, NDU launched a call center in the wake of the attack aimed at fielding questions and addressing concerns, in addition to offering a free service for those affected to safeguard individual identity according to the university.

“Incidents like this can be distressing, so we’ve taken the extra step of offering identity protection services for the next year to all those affected,” Skogen said.

Central Oklahoma another victim in wave of university attacks 
Joining the rapidly expanding roster of universities hit by suspicious server access is the University of Central Oklahoma, which reported recently that a server containing highly private staff information — including, as in the NDU attack, Social Security numbers — had likely been maliciously accessed, according to the Oklahoman.

“We can’t confirm that information has been stolen. We do know it was accessed,” vice president for university relations Charlie Johnson said.

Police are getting involved, and other organizations may also get in on the investigation. But in an age when data attackers operate with an unprecedented degree of sophistication and covertness, locating the culprit may be a very challenging feat.

Benefits of authentication for operations of any scale 
One indispensable means of protection is a strong authentication system, which, according to the University of Illinois, provides the individual security infrastructure that actively works to keep out the bad elements.

However, it is understandable that some organizations — particularly those who have been entrusted with highly privileged user data, such as the universities that were breached — may want even more stringent identity protection measures in place.

For these groups, two-factor authentication exists to provide an even more rigorous security wall. Often called strong or multifactor authentication, this approach makes it difficult for attackers to break into a system, because of the presence of an additional means of protection that authenticates identities of users, devices, machines and more.

Just as a prison that is equipped with two tall fences is more likely to keep criminals from escaping, a two-factor authentication system is better suited than its one-step counterpart to prevent criminals from breaking in.

Many successful Internet giants employ this strategy to maintain the trusting relationship they have with their users. Google, for example, harnesses a two-step process for many of its user platforms, particularly those that would otherwise be easily breachable. So do big social networking companies like Twitter and LinkedIn.

Implementing a solid authentication infrastructure is recommended for all businesses, though — not just the giants. Companies can better guard the safety of their information by working in a strong authentication strategy.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.

1 Comment

Add to the Conversation