The University of Central Florida is the latest educational institute to suffer from a data breach, putting the social security numbers of over 63,000 individuals at risk.
The Social Security numbers and names of both current and former students, as well as employees and staff, have been stolen by hackers, as stated by officials Thursday, February 4.
According to Joel Hartman, Supervisor of the university’s IT Department, UCF first noticed that someone had accessed the administrative systems on January 8, but then realized on January 15 that the data breach affected a much larger number of people than once thought.
Those impacted by this breach include:
- 600 Current Student-Athletes
- Former Student- Athletes Who Last Played Sports In 2014-2015
- Study Staff Manager For The Teams & Other Related Positions
- Current UCF Employees
- Past UCF Employees Dating From 1980-Present
- Undergraduate Student Employees
- Graduate Assistant
- Housing Resident Assistant
- Adjunct Faculty Instructors
- Student Government Leads
- Faculty Members Who Were Paid For Teaching Additional Classes
The University has stated that no credit card information or grades have been compromised, but other information in additional to Social Security numbers & names like student and employee ID numbers have been stolen as well.
While the delay on notifying victims is currently unknown, those who are affected are being sent letters in the mail Friday, and in the meantime are asked to visit UCF Data Security web page for additional information.
The perpetrator is still unclear, but the University feels it was likely executed by multiple individuals over time. At this time, there is no evidence that someone has attempted to use this information for identity theft, fraud, or any other financial means.
While UCF has not confirmed that a hacker gained access to the database through ‘phishing’, generally hackers do this quite easily and trick an employee into opening and logging into a fake server to get the user’s name & login information.
Education institutes hold a treasure trove of information, from financial data and health records to social security numbers and grades. Holding this sensitive personal information means these institutes have various different compliance requirements to fulfill, and if not compliant, can be placing the information of thousands of individuals at risk.
Hackers are becoming more and more sophisticated with their means of attack and these institutions should remain vigilant and alert when it comes to securing this sensitive personally identifiable information. Making sure your system is hardening & vulnerability free, coupled with Continuous File Integrity Monitoring and Breach Detection & Host Intrusion Detection will help protect your IT estate against a malicious attack.
For helpful tips on how to avoid falling victim to a phishing scam, click here to read "Batten Down the Hatches! Looking at Ways to Enhance Protection Against Ransomware, APTs, and other Phishing Malware"