Some current and former university students and staff may be in for a rude awakening when it comes to their personal identifiable information: it may have been compromised in a recent data breach of University of Central Florida servers.
The breach, which was discovered last month and immediately turned over to law enforcement, compromised the names, birthdates, Social Security numbers, and other pertinent information of 63,000 people who had ties to the university. The University has mailed out notification letters to individuals who were affected by the breach, and did note that no grades, credit card numbers, or scholarship details were impacted. Interestingly, there seem to have been two key groups affected by the event: one was current and former student athletes, and the other was University employees.
This is the latest in a growing list of data breaches at colleges and universities, and there may be multiple reasons—related or not—as to why hackers are going after schools. In the first instance, higher education institutions conduct a lot of research, some of it paid for by government agencies, pharmaceutical companies, and other corporations. Access to this research can be highly sought after since it has a lot of value to other researchers or companies, especially where patents, intellectual property, and occasionally even top secret data are concerned.
Another possibility is the “clean slate” approach to stealing young people’s identities. Given that many of the targets were college students, the use of their Social Security number to obtain credit is plausible, as opposed to trying to buy a car with a six-year-olds identity, for example. Additionally, it provides clean credit to use without the already established debt and the likelihood of discovery that adults’ identities can have.
Whatever the hackers’ purposes in breaching the university’s servers, it’s vital that all students and employees at UCF change their passwords immediately. It’s unlikely that the hackers only stole 63K records and then stopped because they were unable to access more; changing school-issued passwords and protecting accounts that cross those servers is crucial.
In the case of the notification letters, it’s critical that the affected UCF community—and all consumers who receive a notification letter for any breach, by the way—follow the instructions in the letter completely. Depending on the type of information that was stolen, a notification letter offers important help. It informs the victims of what information was compromised, and may offer them free credit monitoring if things like Social Security numbers were stolen. In more dire circumstances, it can even serve as proof that you may have been the victim of identity theft; this can be every helpful if you ever need to prove your innocence of unauthorized charges, new accounts, or even criminal charges down the road.