Yale University years late on data breach discovery

Yale University has announced that from April 2008 to January 2009, the names, Social Security numbers, and birthdates of alumni, faculty members, and staff members were stolen from a Yale database. In some instances, university email and physical addresses were also stolen. It wasn’t until June 2018 that the breach was discovered during a security review.

Yale University’s recourse

According to the university, there is “no indication” that the breached data has been misused. Members of the Yale community thought to be affected have been contacted and offered one year’s worth of free cyber protection services.

To try to prevent these incidents, it no longer uses Social Security numbers as identifiers. It now regularly deletes unnecessary information from its files and has strict limitations on the sharing of Social Security numbers within the university. It also systematically tests its data center servers to identify possible vulnerabilities.

Universities are prime targets for criminal hackers

The open environment of universities makes them prime targets for criminal hackers. The combination of multiple networks, multiple devices, and the transient nature of students and visiting members of staff leaves their personal data and their important research vulnerable to attack. According to Richard Forno, assistant director at University of Maryland, Baltimore County (UMBC) Center for Cybersecurity, “What makes university environments a little more challenging is that on one hand, you have research and normal company-like functions, and on the other hand, you have an open, inviting and flexible information technology environment and infrastructure.” Forno also suggested that elementary, junior, and high schools are at increased risk.

Don’t get burnt

With school out for the summer, now is the time to get #BreachReady.

Data breaches can occur at any time, but you are particularly vulnerable during the summer vacation, when criminal hackers take advantage of lower staffing levels to launch attacks. Employee error is the main contributor to data breaches, so now is a great opportunity to re-engage staff on their information security responsibilities.

IT Governance USA’s #BreachReady campaign will put university staff in good shape for the beginning of the fall semester. Our SPF (Security Protection Factor) offers have been designed to help your business defend against data breaches, whatever its budget. So, while you’re relaxing in the Hamptons or on the Jersey Shore, you can rest assured that your organization is protected.