This week the University of Maryland came forth with an announcement that their campus data base had been breached, exposing sensitive information for over 300,000 students and faculty. The data breach comes on the heels of many other similar data breaches at retailers across the US including Target, Neaman Marcus, and Michaels Craft Stores.
According to a letter from University of Maryland President, Wallace D. Loh on February 19, 2014; “A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students, and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised — no financial, academic, health, or contact (phone, address) information.”
Although the information was limited to the aforementioned personal information, those are almost all of the key things needed to steal someone’s identity.
Kudos to the University for being so forthcoming with information, some companies would rather sit on the information until they have investigated more into the cause, which could lead to more problems for all involved. I think that other companies should take note of the steadfastness that the University has shown, notifying those whose information has been exposed and providing them with the support that they need to curb their fears. The University provided all involved with tips on what to look for with possible cases of fraud that can be connected to such data breach. However, it has yet to be seen if the University will provide the 309,079 with the standard credit monitoring service that has been seen in other recent breaches of the same caliber.
President Loh also noted, “With the assistance of experts, we are handling this matter with an abundance of caution and diligence. Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”
Security breaches like these cannot always be prevented, but it is important to make sure that your campus or company is properly equipped to combat these types of attacks. There are a few ways to ensure that your data is being guarded from unauthorized users, this includes incorporating a two-factor solution where the person logging in would need to verify their identity by having to input a one-time use password that would be sent to a separate device like an enrolled cell phone. Many campuses and companies turn to authentication experts like PortalGuard to provide the authentication solutions that have been independently tested and proven to enhance security.