145K job applicants affected by Virginia Tech data breach

September 28th, 2013 by admin Leave a reply »

Information of about 145,000 job applicants at Virginia Tech was revealed in a data breach by hackers. The mistake led to a cyber attack to compromise a computer server in the university’s human resources department, said Larry Hincker, Virginia Tech spokesman.

Individuals affected by this data breach incident include applicants between 2003 and 2013. The compromised data includes names, addresses, employment and education history. In the case of about 16,650 individuals, the compromised data includes driver’s license numbers.

“Faculty applicants are asked to provide minimal information on the online application, so no employment or education history was on the server. For staff applicants, employment and education history was on the server” a Virginia Tech news release said.

In a statement given by the university, no Social Security Numbers or dates of birth were compromised in the incident. Lawrence Hincker, associate vice president for university relations at Virginia Tech blamed the breach on a process failure.

“The server was placed in service without our normal cyber protection protocols,” thereby allowing illegal access to the data, Hincker said in an email.

The university said that someone illegally accessed the server and the data it contained. In many cases, such data compromises go unnoticed until the breached entity is notified by law enforcement, credit card companies or victims.

Hincker commented “Mitigation in this instance means ensuring that people with responsibility for placing equipment into service follow standard procedures”.

All victims whose driving license numbers were compromised have been notified of the breach, the university said.

Driver’s license numbers and employment data are considered protected financial information, Under Virginia law. Organizations that suffer a breach involving such data are required under state law to issue a public notification.

In recent years, hundreds of universities and millions of data records have been compromised due to what security analysts say are poor security practices. The number of data breaches involving universities and other institutes of higher education does appear to be declining though.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Leave a Reply