Washington State University Suffers Old-Fashioned Data Breach
Hackers have some pretty high-tech skills at their disposal, skills that can put some industry tech experts to shame. With all the news of record-setting numbers of data breaches and sophisticated internet operatives, it’s easy to forget that not all data breaches are so high-tech.
Washington State University found that out the hard way when they announced a data breach that compromised the identities of about one million people. The identity profiles included information like names, birthdates, Social Security numbers, and more. Sadly, due to the nature of the data that was stolen, some of the victims in question are even minors.
How did such a high number of records get compromised in a single data breach?
Ironically, it was their efforts to secure copies of key demographic information that led to it falling into the wrong hands. A safe belonging to the university was stolen, and inside it was a backup hard drive containing unencrypted personal information. The records that were compromised belonged to survey and research participants, some of which had been gathered from outside agencies.
According to a statement by Kirk H. Schulz, president of WSU, “On April 21, 2017, we learned that a locked safe containing a hard drive had been stolen. The hard drive was used to store backed-up files from a server used by our Social & Economic Sciences Research Center (SESRC)… The drive contained documents that included personal information such as names, Social Security numbers and, in some cases, personal health information. Entities that provided data to the SESRC include school districts, community colleges, and other customers.”
WSU officials are now faced with the task (and the expense) of notifying the victims and offering them one year of credit monitoring. Unfortunately, incidents like this one are far from unique, as any business that has lost a hard drive, had a laptop stolen, or had unshredded documents leave their offices can attest.
It’s important for businesses of every size and industry to understand that “low tech” data breaches are still a highly viable threat.
In most of those crimes, the concern over victims’ identities wouldn’t be so dire if the organizations holding the data followed one major protocol: encryption. Ensuring that information is encrypted and that the devices holding it are password protected is neither difficult nor overly expensive, and it can go a long way towards preventing both the exposure of victims to identity theft and fraud and the unnecessary expense that follows.