A series of data breaches at large universities has called attention to the need for stronger data encryption measures across enterprises. Colleges and universities perhaps want to believe that their educational status renders them invulnerable to attack, but unfortunately, that is not the case, as Tech Page One reported.
A host of different university attacks proved this in recent months, forcing school administrators to confront the need for stronger data protection software across the board.
University of Maryland: Hundreds of Thousands Breached
Since 1998, the university has been maintaining a database of personal information from staff, students and faculty including names, dates of birth and Social Security numbers, according to president Wallace Loh.
It is reasonable for members of a college community to assume that if the school asks for their Social Security number, that information will be kept private. And for a long time at the University of Maryland, it was.
But that changed in mid-February when a hacker breached the system, forcing Loh to admit in a public letter that the "sophisticated" attack had left the university scrambling to protect its reserve of personal information. But for the 309,079 victims, it was too late, as not only their information but also their trust had been breached.
Perhaps taking a cue from Target, the university offered all associated victims one year of free credit monitoring, only to later extend the offer to five years. After the retail giant was breached late last year, part of its effort to restore its reputation included providing all customers with a year of credit monitoring.
But whereas Target waited to disclose their breach, Loh was prompt and contrite, apologizing and promising to strengthen the University’s security infrastructure.
Johns Hopkins University: Unable to Prevent an Attack on its System
A similar attack occurred against Johns Hopkins University in Maryland when a hacker attempted to extort administrative network access from the university and exposed information from a private database when the university failed to comply, according to The Associated Press.
The attack was not as large as the one against Maryland, nor was the nature of the breached data as risky. Still, the mere presence of the attack suggests that university security breaches are by no means isolated incidents.
To take steps against attacks, all organizations, including enterprises and educational institutions, must implement strong authentication software to guarantee that data is only available to those who are meant to access it.