The Georgia Institute of Technology (Georgia Tech) announced to have suffered a security breach, “an unknown outside entity” had access to data of up to 1.3 million people.
The Georgia Institute of Technology (Georgia Tech) suffered a security breach, on Tuesday it revealed that “an unknown outside entity” had gained unauthorized access to a database that stored the details of 1.3 million individuals.
Exposed data includes names, addresses, social security numbers, dates of birth, and internal identification numbers of up to 1.3 million students and student applicants, current and former faculty, and other staff information.
This security breach could be one of the biggest data breaches suffered by a US university.
The university quickly launched a forensic investigation to determine the extent of the breach.
“Georgia Tech discovered that unauthorized access to a web application has exposed personal information for up to 1.3 million individuals, including current and former faculty, students, staff, and student applicants. The Institute’s cybersecurity team is working to determine the extent of the access and to identify the affected individuals.” reads the statement published by Georgia Tech.
“The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.”
On March 21, the internal staff discovered the intrusion after noticing a significant degradation of the performance.
The internal staff discovered that the intruders had gained access as early as December 14, 2018, by exploiting a vulnerability in a web application. The flaw was quickly patched by the IT staff at the university.
The U.S. Department of Education and University System of Georgia (USG) have been notified, Georgia Tech has started notifying potentially impacted individuals.
The university announced that it is reviewing its security practices and protocols and will make every effort to ensure that this does not happen again.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.