Friday, March 2, 2018

Universities are still targeted!

Universities have been targets for years, and some have been compromised multiple times within a single year. Attackers recognize that universities hold a wealth of data that can be exfiltrated and later sold or used without authorization. That data can be worth a substantial amount when sold on the dark web.
In late 2016, one of the latest targets was Michigan State University. The University was breached on November 13, 2016. The data exfiltrated included social security numbers, MSU ID numbers, and employees' dates of birth. Fortunately, the compromised database did not contain other information that would have made the situation much worse, such as passwords or a person's financial, academic, contact, gift, or health data. The breach involved 449 records that were exfiltrated, only a portion of a database with over 400K records. The attackers sent MSU an email in an attempt to extract a payment from the University.
Post-Breach Actions
The University took this seriously, which is a good thing. Too often the affected party has a quick knee-jerk reaction. The University worked through the issue and did not pay the “requested” fee. After this decision, the University began to notify the affected parties, consisting of students, alumni, staff, and faculty. The University also posted a website with updated information regarding the compromise, along with the usual disclaimer. To its credit, the University is providing two years of identity theft protection, fraud recovery, and credit monitoring for free.
Lesson Learned
Data is valuable to different people for different reasons, and the attackers naturally focused on this. The systems holding this data need to be secured, and the network segmented into subnets where possible. The database holding confidential data should be reviewed regularly, along with its logs. This limits exposure from a time perspective: by checking the logs regularly, the authorized staff can note a compromise sooner rather than later. An attacker with free rein for several months has a greater potential for creating issues than one who is noticed within a week.


