Another day, another data breach at a university. Eastern Washington University discovered this week that more than 130,000 current and former students may have had their personal information stolen by a hacker sometime in the past year. This is just the latest in a string of universities that were attacked. The scary thing is that the universities are not sure when the breach happened.
Officials think that people are targeting research universities because there is a lot of sensitive, hence profitable, information available. Are these related, are they insiders, are they coordinated? No one knows or would talk if they knew. If this continues, higher education and students could be severely compromised.
Is this a failure of technology, people or process? It’s probably all of them. Servers with important information may be out in the open and basic security measures not taken. There may also be a lack of proper training on where to store sensitive information. There might be inadequate processes in place to prevent leaking sensitive data in the first place.
It’s important to tackle all three to plug vulnerabilities. The best technology can’t prevent problems without the best trained people and processes.