attack

‘Sophisticated attack’ exposes 300K university records


Personal data from the records of more than 300,000 University of Maryland (UMD) students, faculty, staff, and various personnel were exposed in a massive data breach Feb. 19.

The data breach, announced Feb. 20, could include personal information of anyone who has been issued a university ID since 1998.

maryland-university-attackUMD President Wallace Loh said in a statement that the breach was a result of a “sophisticated computer security attack” on a “specific database of records maintained by our IT Division.”

Those who leveled the cyberattack on the university’s database had a “very significant understanding” of how the school stored and protected its records, according to a report in The Washington Post.

The exposed personal information, Loh said, includes name, Social Security number, and date of birth. Financial, academic, and health information was not compromised in the hack.

Universities: key cogs in the cybersecurity fight

Deena Coffman, CEO of consulting for the data security company Identity Theft 911, said higher education has struggled with data breaches due in large part to the campus culture.

“Universities have a culture of sharing and collaboration which lends them to not protect information,” she said. “They also don’t invest in technology, and they have collected years, decades actually, of personal information on students, parents and research subjects that they tend not to delete.”

“[Universities] will keep an old server around until anyone who remembered that it held sensitive information has graduated or left then decide to use it to post information,” Coffman continued.

Melissa De Candia, a sophomore journalism student at UMD, said she wasn’t pleased with that way the university had dealt with the security breach, as the university’s student paper reported the records were compromised well before the school made an official announcement.

“I am definitely concerned about the recent data breach. I’m usually very careful about who I give my information to and knowing someone might be using it is pretty worrisome,” said De Candia, 19. “… The eMail I received from the university basically just apologized, which wasn’t all that reassuring for me.”

UMD will provide a credit monitoring service for anyone impacted by the data breach. Coffman described this measure — a common one after universities are hacked — as “inadequate.”

The UMD breach came just a week after colleges and universities began considering the adoption of a White House cybersecurity framework meant to better protect sensitive information for institutions and organizations of all kinds.

The Department of Commerce’s National Institute of Standards and Technology (NIST) consolidated input from the private and public sectors in creating the cybersecurity framework’s set of standards, best practices, and guidelines.

The high level summary of the White House’s cybersecurity framework includes the following: Identify, protect, detect, respond, recover.

eCampus News editorial intern Mike Siegel contributed to this report.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Oops! We could not locate your form.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.