Oregon State Uni Attack Exposes Data on Hundreds

Written by

Another US university has been hit by a successful cyber-attack, this time potentially compromising personal information (PII) on hundreds of students and family members.

Oregon State University (OSU) issued a public notice on Friday after one of its employee’s email accounts was hacked last month and used to spam others with phishing emails.

Forensic investigators found several documents in the breached inbox which contained the PII of 636 students and their relatives, a statement from the university noted.

“OSU is continuing to investigate this matter and determine whether the cyber-attacker viewed or copied these documents with personal information,” said Steve Clark, the university’s vice-president for university relations and marketing.

“While we have no indication at this time that the personal information was seen or used, OSU has notified these students and family members of this incident. And we have offered information about support services that are available, including 12 months of credit monitoring services that the university will enable at no cost.”

Andrew Clarke, EMEA director at One Identity, argued the incident shows that people remain the “first and last line of cyber-defense.

“Creating a framework for identifying, authenticating, and authorizing correct access for sensitive information and ensuring that it is implemented across the entire organization can help protect information pertaining to individuals, which is the most critical type of data held by many institutions,” he added.

“PII such as social security numbers, names and physical addresses, and usernames and passwords are a key target, and just one major breach of such data and there is a loss of faith in the organization and knock-on impact on the business."

Universities are an increasingly popular target for both financially-motivated cyber-criminals and even state-sponsored hackers – who are looking for large troves of personal data on students and staff to monetize sensitive IP in ground-breaking research.

Earlier this year, Georgia Tech suffered a breach of 1.3 million staff and student records after a web app vulnerability was exploited by attackers.

What’s hot on Infosecurity Magazine?