One of the more renown universities in the world when it comes to computer science and cybersecurity was hit with a data breach affecting 1.3 million people.
The Georgia Institute of Technology (Georgia Tech) Tuesday said “the information illegally accessed by an unknown outside entity was located on a central database.”
“Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates,” the university said in a statement.
The intrusion was discovered on March 21 after developers noticed a significant performance impact that later turned out to be a result of the breach, university officials said in a breach FAQ. An analysis of the incident found hackers gained access as early as December 14, 2018, by exploiting a vulnerability in a web application.
The university said the flaw was patched and it continues to proactively monitor and address vulnerabilities in its online environment.
Georgia Tech has started notifying potentially impacted individuals, but it’s still working on determining who exactly is affected. The organization may decide to offer free protection services to those impacted by the breach.
“How ironic that a university with a high ranking in computer science, which offers courses in cybersecurity, got hacked,” said Dan Tuchler, CMO at SecurityFirst. “This in a state which has had privacy regulations in place – the Georgia Personal Identity Protection Act – since 2007. This is a clear example of the need for encryption of personal data. Hackers always find a way in and they need to be stopped before they get the personal data.”