More Compromised Students and Faculty

butlerlogoblue

Recently, there was yet another security breach at a college campus. This time the victim was Butler University, where a hacker accessed over 160,000 records for current, past students and faculty. The information stolen was the typical pertinent information that is stolen in this type of breach.

Names, Social Security numbers, date of birth, and bank account information.

The announcement of this breach comes due to an identity theft investigation that came from California law enforcement. The perpetrator that was caught possessed a flash drive that contained all of the data stolen from Butler University. Through the work of a third party investigator, it was uncovered that the information was stolen by remote hackers who accessed the Universities network between November 2013 and May 2014.

When will all of this craziness stop and people take security seriously?

I find it interesting that there is not more of an outcry from the general public to make sure that organizations are protecting their information. It used to be that colleges and universities were less likely to get attacked, since students typically do not have any credit in general. However, this year we have seen two other colleges in the spring and a high school earlier this summer.

There are schools, like Dalton State College and Clermont Northeastern School District, that have taken a serious look at this problem and addressed it by partnering with PortalGuard to deploy a two-factor authentication solution. By adding a two-factor authentication solution to their environment, they are able to ensure that the end-user is who they claim to be and not an imposter or hacker. This type of authentication can also deter man-in-the-middle attacks as well.

 

Violated Database: Montana Department of Public Health and Human Services

Creeper

Your car has been broken into, yet nothing was stolen. Nothing was stolen, so no big deal, right? WRONG! You would still feel violated, creeped out, and concerned about it happening again. The Montana Health Department has experienced a similar data breach.

 

On May 15th, Montana’s Department of Public Health and Human Services (DPHHS) officials noticed out of the ordinary activity. After further investigation, DPHHS confirmed that a server had been breached by hackers, and according to Alison Diana’s article Montana Health Department Hacked,“1.3 million people of the incident” are being notified of the breach and ensured that their information will be protected. Diana continues by stating, “there is no evidence this information was used inappropriately – or even accessed.”

 

At the moment, DPHHS is ensuring that a stronger security solution will be put in place to prevent such attacks from happening again, and extra measures are being taken to ensure that all citizen information is not compromised. There is a help line that DPHHS has on their website with information for potentially affected patients.

 

Diana continues in her article on the increase in attacks on healthcare databases, “many healthcare breaches have historically resulted from employee carelessness or error, hackers are increasingly attracted to this industry’s rich stash of personal data — including Social Security numbers, credit card information, and addresses — and personal health information.” With all this private information being housed within a healthcare database, it is imperative that a stronger authentication solution be put in place, along with educating employees on Password Best Practices (PBP). Many IT professionals are turning to PortalGuard for Healthcare for stronger security and increased usability for their corporation.

 

 

http://www.informationweek.com/healthcare/security-and-privacy/montana-health-department-hacked/d/d-id/1278872

Young Hacker Infiltrates High School Database

TeenageHacker

We live in a world with multiple cyber threats, many coming from alias names from countries we have never been to. Within the United States, we have our fair share of hackers that cause major problems and confiscate sensitive data. It is sad and eye opening when it happens on the high school level.

 

Recently, a 16-year-old boy gained access to a school database that held personal information like grades and attendance. By gaining access to this database, the student was able to change multiple attendance records and grades.

 

According to Ashley Carmen’s SC Magazine article “Orange Public School district staff and authorities believe the student accessed the computer system through a teacher’s login credentials . . ., however, they aren’t sure of how he obtained access to the teacher’s password.” With the privacy and safety of students being top priority over the last decade or so, it is surprising that many K-12 schools have not deployed a second factor for account logins for both students and faculty.

 

With this account hacking comes “multiple counts of second-degree computer theft for unlawfully accessing and altering data and one count of hindering apprehension,” according to Carmen. This case is going to be handled in Family Court.

 

As K-12 schools begin to invest in identity solutions, many are turning to PortalGuard for education, giving them stronger security and increased usability.

 

 

http://www.scmagazine.com/new-jersey-teen-charged-after-altering-students-grades-and-attendance-records/article/358103/