he University of Maryland president testified in front of Congress Wednesday for the first time since a massive data breach embarrassed the university and exposed the private information of hundreds of thousands of past and current students, staff, and faculty.
Dr. Wallace Loh told a Senate committee the university has now moved most of its websites to the cloud, expunged 80 percent of its databases, and hired experts to improve its protections.
But the attacker used the anonymous browser ‘Tor’ which masks a user’s location, meaning no one may ever be caught.
Butler University has joined a growing list of higher-education institutions hit by data thieves.
Butler’s president, James M. Danko, said in a letter to those who may have been affected that personal information on as many as 163,000 students, alumni, employees, and even potential applicants might have been obtained by hackers, according to The Indianapolis Star. The data breach was discovered in late May, when a flash drive containing information about some Butler employees turned up in California.
UC Berkeley officials are in the process of notifying approximately 1,600 individuals that their personal information may have been compromised in a data breach of the campus’s real estate division.
The breach allowed unauthorized access to servers that were used to support a number of UC Berkeley real estate division programs. The campus estimates that about 1,300 Social Security numbers and 300 credit card numbers were among the data accessed. The data span from the early 1990s to May of this year.
Few institutions budget in advance for data breaches, according to college officials and data-security professionals. Cybersecurity insurance in higher education remains a rarity, despite a consensus among those working in the field that the likelihood of such a breach involves “when,” not “if.”
The list of potential expenses is long. It includes forensics consultants, lawyers, call centers, websites, mailings, identity-protection and credit-check services, and litigation. Breaches can prompt major campus projects, such as risk-management reviews, campuswide encryption, and tests to determine how vulnerable networks are.
The university’s information-technology staff discovered a breach that affected five departmental servers containing information on students enrolled from 1995 to 2012. The servers also contained university ID numbers for 18,949 students.
While more companies are taking action to prevent and respond to a security breach like the recent Home Depot hack, the number of attacks is also on the rise. In the past year alone, an astounding 43% of companies in the United States were hit by a data breach, according to a new study by Experian and Ponemon—a 10% increase from the previous year.
According to the survey, which asked 567 executives of U.S. companies about their preparedness and response plan for a data breach, 73% said their company has plans and teams in place to respond to a data breach (compared to 61% in last year’s survey). However, only 30% of respondents said that plan was effective, and a vast majority (78%) don’t update their plan regularly.