University of Delaware is a major research institution, and one of the oldest universities in the US. UD has become the victim of recent data breach incidents, as personal information of more than 72,000 past and present employees was compromised from the university’s system.
Email had been sent by the university to ensure that those affected are properly informed. To pin down the scale of the breach and to identify any other risk, investigators have been called in.
A system was set up for the employees to check if they were affected or not, all the affected employees were offered credit monitoring services to keep an eye out for potential identity theft.
The risk of identity theft is high as the data stolen included names, addresses, university IDD numbers and Social Security Numbers.
The FBI and forensic teams are probing further, but so far few specifics have emerged, beyond the rather vague statement in the official announcement that the breach was down to “a vulnerability in software acquired from a vendor” – basically saying the fault was with some piece of software not created internally, which doesn’t really narrow the field very much.
However, local news sources claim the flaw was in Struts2 software, which suggests the hack is related to Java.
“The University will not contact you and ask to confirm any of your personal information. If an unknown person contacts you and claims that he or she can help you if you would just confirm your personal information, do not surrender any information,” the university stated.
The university is working with FBI officials on the issue, and is trying to make sure something like this doesn’t happen again. Local news report suggested that the breach was first spotted more than a week ago, leading to sections of the university website being inaccessible for a time.
Get your personal as well as office laptops encrypted by Alertsec
With so much vulnerability on public networks unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.