Data Breach at University of Alaska
When large scale data breaches first began to make headline news a few years ago, it seemed like retailers were a prime target. Their point of sale systems were a particular favorite avenue of attack since they contained customers’ credit card information, and due to the fact that installing a virus in the network was a fairly simple task.
But credit card numbers are easily cancelled and reissued, rendering all the work of hacking the system useless. That’s why hackers have set their sights on bigger objectives, ones that contain more sensitive information and more permanent data.
Medical offices and universities have become sought after victims for data breaches due to the nature of information they gather. Names, birth dates, and Social Security numbers are commonly collected by both schools and doctor’s offices, and those offices are often believed to have weaker security protocols or outdated technology to protect the information.
Officials overseeing one recent breach, though, have taken the aftermath process a step further and are working towards better prevention. The University of Alaska has announced that a data breach of the servers at its Mat-Su campus resulted in the unauthorized access of information stored there. While the university has sensitive information like Social Security numbers on its more than 5,000 students, they don’t have reason to believe that those kinds of details were breached.
Just to be safe, the university has sent out data breach notification letters to its affected students and is fronting the cost of many cleanup steps, like insurance against fraudulent charges and identity theft monitoring. But the bigger step the university is taking is in educational efforts to prevent further breaches, starting with an upcoming campus-wide training for all faculty and staff about information security. One of the proposed topics of the training will be understanding what led to this breach in the first place, which means it’s safe to assume that a typical phishing attack or spoofing may have been the culprit.
Phishing attacks occur when a hacker sends a message, email, or phone call to encourage someone to hand over detailed information that gives him access to the network. It might be an email whose link installs a virus on the network, or a copycat phone call that requests a password or account information. There have even been reports of company employees who were directed via email to change the username and password on a sensitive account, allowing the hacker access if the employee falls for it.
It’s important to remember that anyone can fall for a phishing attempt, especially one that uses a spoofed account that looks like it came from someone higher up the chain of authority. The only way to be sure to avoid this kind of tactic is to establish firm guidelines that no out-of-the-ordinary instructions are to be followed without verbal verification, and that emails containing links are to be carefully screened before clicking.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.