Two More Colleges Exposed: Indiana University and North Dakota University

collegeThere seems to be a rise lately in the number of campuses that are being subject to data breaches. Today it was brought to light that North Dakota University’s database was compromised exposing around 300K current and former student’s information along with some of their staff as well. Last week, Indiana University informed nearly 146,000 recent graduates and students that their seven-campus data system had accidentally exposed.

This news comes on the heels of the recent University of Maryland breach that effected over 300,000 students, staff, and faculty.

Indiana University

In the case of the Indiana University breach, the accidental exposure to the general public was carried out via three automated search engine web crawlers and was apparently indexed three times over the past year.

The exposed information included all of the needed information to steal a person’s identity easily, including names, addresses, and social security numbers.  This data was all being contained in an unsecure location that was easily accessed by the data-mining applications.

The three web crawlers have not been identified at the time of this article, but the University noted that the actions were carried out in a non-malicious way, by regular search engine web crawlers. The good news to report is, no servers or systems were compromised during this data mining.

Education Link Banner

James Kennedy, the school’s Associate Vice President of Student Services and Systems said; “This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote…”

“At the same time, we have moved quickly to secure the data and are conducting a thorough investigation into our information handling process to ensure that this doesn’t happen again.”

North Dakota University

North Dakota University came forth with news that nearly 300K current students, former students, and faculty may be at risk due to a recent hacking. The effected student’s and faculty’s personal information, including names and social security numbers, were exposed during the breach.

North Dakota University came forth with a notification for all that were possibly impacted on their website this past Wednesday. Their IT service provider, Core Technology Services, had been tipped off about the intrusion on February 7, with the initial intrusion taking place back in October of 2013. It would appear that the attack was made by using compromised credentials that had been obtained by an unauthorized user. Once this discovery was made they immediately shut down the affected server.

The tipster in this case was actually a victim of identity fraud rooting back to the breach.

What is this world coming to?

Back twenty years ago, data breaches did happen; people would steal files from offices or files would mysteriously go missing. Fast forward to current day; with so much of our personal information being held on networks, it is now easier for thieves to steal your personal data without even being on the same continent.

This is why it is now more important than ever to make sure that you are doing everything to protect your network from an attack.

One of the best ways to defend your campus against these types of attacks is to deploy a two-factor authentication solution. This would prevent a user’s credentials from being stolen because there would be a required one-time password needed in order to access the account. This one-time password could be provided a number of secure ways including sending a text-message to a preregistered cell phone.

Many colleges and universities trust their sensitive information to be protected via a web portal that can only be accessed by authorized users. These entry points need to be protected by strong authentication, which more and more campuses are trusting to the authentication experts at PortalGuard.


Leave a Reply

Your email address will not be published. Required fields are marked *