Identity Fraud in Focus quarterly report
8 min
Other than the opportunity to learn and grow, if there’s one expectation placed on universities and colleges, it’s safety. Students, staff, and parents want to feel secure on campus and protected from physical and emotional harm.
Unfortunately, cybersecurity is becoming a growing source of insecurity at educational institutions across the nation.
Recently, the Georgia Institute of Technology, commonly referred to as “Georgia Tech,” announced an investigation into what appears to be a massive data breach. As many as 1.3 million people, including past and current students, applicants, and staff, may be affected.
Last month, the school discovered a hack that may have exposed victims’ Social Security numbers and other personally identifiable information.
In the Cyber Security Notification posted on the university’s website, the college revealed:
“The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, Social Security numbers, and even birth dates.”
This marks the second data breach at the school in less than a year. Last July, Georgia Tech mistakenly emailed personal information for nearly 8,000 students to other students. Social Security numbers were not exposed in the first breach, but other personal information — including birth dates, phone numbers, and grade-point averages — was compromised.
Georgia Tech is far from alone.
Higher education institutions have come increasingly under attack in the past few years. Incidents were up by more than 100 percent in 2017, compared to 2016. And it’s not just large campuses.
Three private colleges — Oberlin, in Ohio; Grinnell, in Iowa; and Hamilton, in New York — all had their applicant databases hacked, according to a recent article in the Washington Post. That same week, a second report documented attacks on more than two dozen universities in the U.S. and elsewhere in an alleged attempt to steal military-related research.
Large-scale data breaches have hit a variety of large companies and institutions, including healthcare systems and financial firms. Why have colleges and universities become the next target of choice? More importantly, what steps can these organizations take to protect their employees?
A target-rich environment
The type of personal data stolen in the Georgia Tech case is gold on the dark web. Educational institutions typically request and store sensitive financial data and personally identifiable information like Social Security numbers and addresses for both students and their parents.
Cybercriminals can easily sell the information to identity thieves who open new lines of credit and financial accounts, drain existing bank accounts, and conduct other criminal acts. Further, the compromised data is often used to blackmail victims.
Who’s protecting the data?
Hacking into an individual server, even one housed at a tech-savvy institution, long ago became routine. That’s why cloud-based data storage seemed ideal for protecting sensitive information.
However, even if the third party hosting the data follows proper cybersecurity protocols, there is one variable they can’t control: human error. In fact, this is actually the number one cause of data breaches.
While identity thieves, hackers, and cybercriminals are targeting educational organizations in record numbers, there are steps universities can take to protect their employees.
If you’re a broker with clients in the education industry, you might start by reading our complimentary one-sheet, “How Identity Theft and Data Breaches Affect the Education Industry.” It’s loaded with important information you can use when speaking with clients about the risks of today’s digital era and arming them with the knowledge they need to protect their employees.
Are you an employer in the education industry? Consider reading our downloadable guide, “HR Guide to Employee Data Protection and Identity Theft Prevention.” It includes a number of tools and resources you can use to keep your employees safe.
Need further assistance? That’s why we’re here. Feel free to contact us today.
If you're considering one of our services, want more information, or need assistance, please reach out. We’re here to help.