University of Kentucky Data Breach
Data breach incident at the University of Kentucky has led to the exposure of personal details of students and Teachers. This breach was discovered through an annual cybersecurity check, which indicated a vulnerability in the university’s College of Education database server.
According to WDRB, 355,000-plus email addresses were exposed due to this flaw where the affectees belonged to different parts of the globe. The University’s Chief information officer highlighted that the database is part of the free Digital Driver’s License for training and test-taking program that Kentucky and other states’ K-12 schools use.
Also, read Ransomware hits Isle of Wight Schools, to gain an insight into a similar attack, where staff and students were also restricted from using their accounts.
The University of Kentucky is in Lexington and was founded in 1865 by John Bryan Bowman. It has the highest enrollment in the state with colleges, a graduate school, undergraduate programs, master programs, doctoral programs, and professional programs.
The extent and impact of the attack can be identified by the fact that names and email addresses in the database were not just limited to students and teachers in Kentucky. The academic institution pointed out that the information was spread to students and staff of 50 states and 22 other countries. One thing that was comforting was that the database did not hold financial, health, or Social Security details, thus restricting the probability of identity theft.
The University of Kentucky has always strived to strengthen its Cybersecurity practices, and it claims to have invested around $13 million in this regard. After the incident, their IT solutions further plan to invest another $ 1.5 million to solidify the steps taken earlier. Furthermore, the University representatives state that measures like informing the affected districts and the legal and regulatory bodies have been taken.
Along the way, the university also announced multi-factor authentication for all important systems, including email and VPN, with the commencement of a new position of an enterprise chief information security officer (CISO).
The university further ensured that to mitigate security incidents, they will implement next-generation firewalls and are taking bolder steps so that patches for severe vulnerabilities are created immediately to minimize the damage. Also, deprovisioning of accounts of ex students and staff will be another act in this direction.