The Georgia Institute of Technology (Georgia Tech) suffered a security breach, on Tuesday it revealed that “an unknown outside entity” had gained unauthorized access to a database that stored the details of 1.3 million individuals.
Exposed data includes names, addresses, social security numbers, dates of birth, and internal identification numbers of up to 1.3 million students and student applicants, current and former faculty, and other staff information.
This security breach could be one of the biggest data breaches suffered by a US university.
The university quickly launched a forensic investigation to determine the extent of the breach.
“Georgia Tech discovered that unauthorized access to a web application has exposed personal information for up to 1.3 million individuals, including current and former faculty, students, staff, and student applicants. The Institute’s cybersecurity team is working to determine the extent of the access and to identify the affected individuals.” reads the statement published by Georgia Tech.
“The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.”
On March 21, the internal staff discovered the intrusion after noticing a significant degradation of the performance.
The internal staff discovered that the intruders had gained access as early as December 14, 2018, by exploiting a vulnerability in a web application. The flaw was quickly patched by the IT staff at the university.
The U.S. Department of Education and University System of Georgia (USG)
The university announced that it is reviewing its security practices and
(SecurityAffairs – Georgia Tech, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.