On August 3, the NDUS (North Dakota University System) reported an employee’s email account had been accessed by an unauthorized user.
NDUS Chancellor Mark Hagerott, who led staff of the university in a security measures protocol meeting immediately following the discovery, said: “Information security is very important to us, and NDUS has consistently worked to minimize these types of interferences […] It is a sobering reality that education is often targeted by criminal elements in today’s global assaults on IT systems.”
According to NDUS, the reported breach contained no credit card or bank account information. However, it contained personal information, such as names and Social Security numbers of about 9,400 individuals.
Hagerott emphasized to faculty and students that “It is important that all faculty, staff and students from the 11 campuses within the university system – especially new, incoming freshman – are reminded never to put personal identifiable information, such as social security information, in emails.”
Steps taken by the North Dakota University System
Because of the breach, the university is providing free identity theft protection services to individuals wanting to take precautionary measures. It has also sent a letter to the affected individuals, outlining additional information on identity protection.
Lately, U.S. universities, as well as kindergarten through 12th grade schools, have been prime targets for breaches. On July 26, Yale University notified individuals that records from 119,000 people affiliated with the university were hacked. Last March, Rocky Hanna, district superintendent, Leon County Schools in Tallahassee, Florida, announced that 368,000 student and employee records were exposed. And in June, the Chicago Public School System mistakenly emailed private student information to more than 3,700 different families.
Risk assessments for schools
To prevent schools and universities from suffering repeated attacks, they should perform information security risk assessments. IT Governance USA is offering special promotions on its vsRisk™ risk assessment software tool. The tool is completely in line with ISO/IEC 27001:2013, and delivers information security risk assessments quickly and easily.
- vsRisk Standalone + ISO 27001 Toolkit + Support – Now only $2,760, saving $350
- vsRisk Multi-user + ISO 27001 Toolkit + Support – Now only $5,000, saving $400
