Georgia Tech is reporting that it suffered a data breach when a Georgia Institute of Technology web app exposed the information on 1.3 million current and former students, student applicants along with staff members.
The incident was discovered in late March, the school stated adding the breach is being investigated by the Georgia Tech cybersecurity team to determine the extent of the damage, but early indications are the compromised information could include names, addresses, Social Security numbers and birth dates
“The U.S. Department of Education and University System of Georgia have been notified, and those whose data was exposed will be contacted as soon as possible regarding available credit monitoring services,” the school said.
This is the second data breach the Yellow Jackets have have endured. In 2018 8,000 students were affected when there information was accidentally emailed to the wrong person.
Over the last several years Georgia has become a cybersecurity hub. In January 2017 Georgia Gov. Nathan Deal announced the state would invest $60 million for a cyber range and training facility named the Hull McKnight Georgia Cyber Innovation and Training Center at the school’s Augusta University Riverfront Campus that will combine expertise in academia, private industry and government to establish statewide cybersecurity standards. The center is located very close to the U.S. Army Cyber Command, the US Army Cyber Center of Excellence and the National Security Agency at Fort Gordon, Ga.
This fact was not lost on Dan Tuchler, CMO at SecurityFirst.
“How ironic that a university with a high ranking in computer science, which offers courses in cybersecurity, got hacked. This in a state which has had privacy regulations in place – the Georgia Personal Identity Protection Act – since 2007. This is a clear example of the need for encryption of personal data. Hackers always find a way in and they need to be stopped before they get the personal data,” Tuchler said.
The school gave no details on the web application at the center of the breach, but industry experts told SC Media the amount and type of information a large institution like Georgia Tech maintains makes it imperative that it maintain security.
“On Georgia Tech’s website, it boasts of 173 industry collaborators and 62 U.S. patents issued in 2017 alone. If the university doesn’t tighten its security controls, this kind of proprietary data is likely to be placed at risk. This is particularly true now that organizations are storing and sharing data in the cloud more than ever before,” said Anurag Kahol, CTO at Bitglass.
Ben Goodman, VP of global strategy and innovation at ForgeRock, believes the type of information that was likely removed by the malicious actors will quickly make its way to markets on the dark web.
“Academic institutions are a growing target for attacks given the personally identifiable information they collect for tens of thousands of students, employees, donors and partners. This data will quickly make its way to the dark web where it will be used for identity theft, synthetic identity creation and robotic account takeovers,” he said.