Three Universities in the United States have recently disclosed data breach incidents that exposed personally identifiable information of students and working staff. The three universities, Graceland University, Oregon State University, and Missouri Southern State University, stated that unknown intruders made unauthorized access to some of their employees’ email accounts.
The exposed information included, students’ full name, social security number, date of birth, address, telephone number, email address, parents/children, salary information, and financial aid information for enrollment.
The students and employees whose personal information was potentially stolen or accessed in the incident have been notified. The security professionals at the universities clarified that no evidence has been found of the impacted personal information being stolen or used in a malicious manner.
Oregon State University announced that 636 student records and family details of students containing sensitive information were potentially affected by the incident.
“OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information,” said Steve Clark, the university’s vice president for university relations and marketing. “While we have no indication at this time that the personal information was seen or used, OSU has notified these students and family members of this incident. And we have offered information about support services that are available, including 12 months of credit monitoring services that the university will enable at no cost.”
The Graceland University stated that it became aware of the unauthorized activity in which the hackers gained access to the email accounts of current employees, including the contents and attachments connected to those accounts. The officials said that the intruders accessed the individual accounts on March 29, 2019, and from April 1-30 and April 12-May 1, 2019, respectively. And, the Missouri Southern State University (MSSU) reported to the Office of the Vermont Attorney General about the cyber-attack triggered by a phishing email on January 9, 2019.
“The email contained a link, which, when clicked, allowed the perpetrator, to potentially copy that employee’s Office 365 account. Unfortunately, several employees fell victim to the fraudulent scheme. As soon as it detected this attack, the university contacted law enforcement and was directed to delay notification of potentially affected individuals until its investigation was complete. The university immediately engaged a leading forensic investigation firm to look into the matter and undertook enhancements to its already robust IT systems to block potential email exploitation, including a mass password reset of all employee Office 365 accounts,” the University said in a statement.
Recently, the Australian National University discovered a major data breach that affected students’ and University’s sensitive information. According to the University’s Vice-Chancellor Brian Schmidt, unknown cybercriminals attacked University’s systems and accessed personal information late in 2018, which was recently discovered by the University authorities on May 17, 2019. It’s believed that the hackers had unauthorized access to 19 years of significant amounts of information related to personal staff, students, and visitors.
The exposed information included names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, passport details, and student academic records, according to Schmidt. However, Schmidt clarified that the data like credit card details, travel information, medical records, police checks, workers’ compensation, vehicle registration numbers, and some performance records were not affected by the incident.