
The Biggest Higher Ed Data Breaches in 2019

Published by IAM Expert on November 1, 2019


Data breaches not only affect individuals but also tarnish the reputation of the organization for years to come. From lost trust to regulatory fines to remedial costs, data breaches have many major impacts. According to the annual Cost of a Data Breach Report 2019, conducted by the Ponemon Institute, the average total cost of a data breach is $3.92 million. As higher ed institutions adapt to new technologies, they also fall prey to malicious actors. Here is a list of the biggest higher ed data breaches in 2019, and their impact:

Australian National University

On 4th June 2019, the Australian National University confirmed the May and November 2018 data breach affecting nearly 200,000 people. According to the executive summary of the report, the intrusion for the second attack was first detected in April 2019 during a baseline threat hunting exercise. During this process, the university discovered network traffic data that suggested the presence of a malicious actor with characteristics different from the one detected by the University in May 2018.

The initial attack was carried out through a sophisticated spear-phishing email that only required users to click on a link or download an attachment. The attack affected the ANU network for almost 6 weeks, with the most malicious activity ending around mid-December 2018. The attacker(s) eluded detection systems by evolving their techniques during the attack. They also used custom malware and operational security.

As per the Vice-Chancellor of the Australian National University, “The perpetrators of our data breach were extremely sophisticated. This report details the level of sophistication, the likes of which has shocked even the most experienced Australian security experts.”

The cyber attacker(s) accessed the names, addresses, dates of birth, personal emails, tax file numbers, bank details, passport details, and academic records of the victims. As per the report published by the Australian National University (ANU), hackers took much less than the 19 years’ worth of data.

Oberlin College, Grinnell College, and Hamilton College

Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York fell prey to a single attack. The hacker broke into Slate, an applicant management software used by the three colleges, and got access to admissions materials from the applicants of the Class of 2023.

A Hamilton College admissions staff member discovered the hack on Monday, March 4, 2019, upon realizing that their password had been compromised. The admissions department of Hamilton College further discovered that the hackers accessed the database by using an employee’s password and that the attackers had attempted to send an email to Hamilton applicants. However, due to the security restrictions at Hamilton College, the hacker’s attempt to send an email to the Class of 2023 applicants failed. The same attempt allegedly succeeded at Grinnell College. Later, however, even applicants from Hamilton College reported receiving messages.

Applicants received emails offering them access to confidential information regarding their admission file for a fee. Allegedly, every applicant ended up paying $3800 or more for their file. Thereafter, hackers sent a subsequent email offering a limited amount of information for $60. Hackers also got access to valuable personal data including names, addresses, birthdays, etc.

On the other hand, Alexander Clark, CEO of Technolutions Inc., said that “Slate had not been compromised and that the hackers gained entry to the system through the affected colleges’ password-reset system, not through Slate itself.”

Oregon State University

In June 2019, Oregon State University (OSU) announced a data breach affecting 636 student and family records that occurred during the month of May. Personally Identifiable Information (PII) has potentially been affected by this breach.

As of now, the university hasn’t revealed which part of the PII has been breached, but PII generally contains names, addresses, telephone numbers, Social Security numbers, etc. Also, financial records generally aren’t considered part of PII during data leaks. However, it is still uncertain whether the names, birthdates, and Social Security numbers of current and prospective students, as well as their family members, were exposed.

The US university further elaborated that an OSU employee’s e-mail account was hacked by individuals outside the university and subsequently used to send phishing e-mails. Upon further research by an OSU forensic specialist, it was found that several documents within the OSU employee’s inbox contained personal information of 636 students and family members of students.

University of Connecticut

In February 2019, UConn Health, an academic branch of the University of Connecticut that oversees clinical care, advanced biomedical research, and academic education in medicine, announced a breach affecting 326,000 patients. As per the official notice, UConn Health determined on December 24, 2018, that “an unauthorized third party illegally accessed a limited number of employee email accounts.” It also stated that the accounts contained some personal information such as individuals’ names, dates of birth, and addresses. They also contained limited medical information such as billing and appointment information, as well as the Social Security numbers of a few individuals.

The University of Connecticut and UConn Health faced a class-action lawsuit because of the data breach and for putting patient identities at risk.

Many of these attacks could have been prevented by using an IAM suite. In addition to IAM, these higher ed institutions could have boosted their security from the beginning by using app-level MFA, or by implementing MFA with their Single Sign-On solution. QuickLaunch has already helped to boost the security of 500+ higher ed institutions in the past few years. Try our 30-day free trial to learn more about QuickLaunch IAM and the benefits it can offer to your institution.
