Ohio State reports massive network security breach

OSU discovered the security lapse in late October and hired “the nation’s best computer forensic consultants” to search the school’s network and check what, if anything, had been taken from university records.

In late November, after a month of investigation, the forensic consultants told OSU officials that “there was no evidence that any data were taken out of the system by unauthorized individuals,” according to the school’s statement. “The experts did find evidence that the purpose of the unauthorized access was to launch cyber attacks.”

“We are committed to maintaining the privacy of sensitive information and continually work to enhance our systems and practices to reduce the likelihood of such events occurring,” said Joseph Alutto, Ohio State’s provost.

Michael Maloof, chief technology officer for information management company TriGeo Network Security, said universities’ penchant for collecting and keeping sensitive information will continue to attract online hackers looking for databases rich with valuable information.

“The vast accumulation of data is exactly why higher education is such a lucrative target for attacks,” Maloof said, adding that constant monitoring could be the only way for college IT officials to fend off hackers. “Real-time monitoring of sensitive systems and data can spot suspicious behavior, either from inside or outside the organization, while there’s still time to act.”

Most importantly, Maloof said, campus technologists should ensure that the institution’s most sensitive data is encrypted.

“Both data in transit – especially across open university networks – and data at rest should be encrypted so that a breach will have little chance of capturing massive amounts of usable information,” he said.

The scale of OSU’s network breach separates the incident from other security compromises in higher education.

Although no personal information was stolen, the 760,000 people listed on the server is more than faculty, staff, and student records stolen in all U.S. colleges and universities last year.

Comments are closed.

"(Required)" indicates required fields