Security breach affects 72,000, university responds
Published: Sunday, September 1, 2013
Updated: Sunday, September 1, 2013 14:09
On July 17, a cybersecurity breach compromised 72,000 university employees’ personal information to an unknown hacker. According to Karl Hassler, associate director of the university IT Systems Security Department, the incident is not uncommon in higher education.
“Many large research universities across the country—including Stanford—have been subjected to attacks over the last days and weeks,” Hassler stated in an email message.
Hassler, who assisted in heading the university’s response to the attack, said cyber attacks are becoming increasingly common in all sectors of society.
“The incident is neither unique nor the largest security breach in higher education,” Hassler said.
The information released by the breach, which affected past and current employees, consisted of social security numbers and other information that could increase the likelihood of identity theft, according to a university email sent on July 29 to affected students.
In response to the event, the university partnered with Kroll Advisory Solutions to offer three years of free credit monitoring and theft consultation services to affected persons, according to the email sent to current and former employees. The hacker remains unidentified and the incident is still currently under investigation by the FBI.
Kevin Haughey, a graduate student, said many companies, particularly financial institutions, have their information compromised through security breaches, which makes it “difficult to say” whether the July 17 attack will affect the university’s reputation.
“The event does bring awareness to the fact that universities are also targets and that more money needs to be invested in protecting them,” Haughey said.
Billy Haines, a 2003 graduate of Newark, Del. and former university employee who was affected by the breach, said he thinks the breach has the potential to affect the university’s reputation, particularly in the eyes of donors, despite the fact that security attacks are becoming more common. He said cybersecurity protection is like a “game of cat and mouse.”
According to Susan Moerschel, senior director of marketing of Kroll Advisory Solutions, the field of identity theft management has been around for about a decade.
She said Kroll Advisory Solutions has a history of helping institutions, such as companies, universities, hospitals and governments, as well as individuals “whose data has been exposed through no fault of their own.”
Personal information has become easily accessible to the public in today’s modern era, Moerschel said.
“We are all called upon to be particularly prudent about how we handle our information,” Moerschel said. “Social engineering has sort of desensitized us to sharing personal data.”
The university offering free credit monitoring was a good move, Haughey said, but the school should be continually aligned “with a company that does a good job of monitoring.”
Haines said the university “went above and beyond what they were expected to do” in response to the breach. Haines, who has previously had his personal information compromised when his bank experienced a security breach, said the university’s dispensation of free credit monitoring for three years was an improvement over his bank, which offered the same service for six months.
“The reality is that in our day and age, identity theft is an issue,” Haines said. “People just have to be smart about what information they give out. You have to be monitoring your statements.”
Moerschel said it is important to recognize that the university has offered three years of credit monitoring because identity thieves will often wait out the typical one-year credit monitoring.
“There’s a circumstance that some investigators in the field call ‘zero day,’” she said. “They think that one year of credit monitoring is not enough and that if someone really has your information they know when that year runs out.”