Breach prompts New York college to commit over $3M to cyber investment

New York-based Marymount Manhattan College has agreed to allocate $3.5 million toward cybersecurity measures over the next six years instead of paying a $1 million fine to the state of New York after a data breach two years ago, which compromised almost 200,000 individuals' data, reports EdScoop. Aside from establishing an extensive information security program, Marymount Manhattan College would also use the investment to implement universal encryption of personal data and multi-factor authentication across its network. Investigation by the Office of the New York State Attorney General revealed that Microsoft Exchange server vulnerabilities have been targeted by a still undetermined threat operation to compromise Marymount and later encrypt its servers, with the college also discovered to leverage outdated Windows software and lack student data deletion policies, as well as fail to perform vulnerability scanning and penetration testing. "In the modern digital age, companies and universities alike must do a better job at safeguarding the personal information with which they are entrusted. This agreement will help ensure that future classes of MMC students, faculty, and alumni will have their online data protected," said New York State Attorney General Letitia James.