The East Valley Institute of Technology (EVIT), a career training school, has experienced a cybersecurity incident that exposed the personal data of 208,717 individuals, including current and former students, faculty and parents.
The breach, which took place on On January 9, 2024, was disclosed on August 12 by the Office of the Maine Attorney General.
It involved nearly 50 different categories of personally identifiable information (PII), according to EVIT's breach notification letter.
Scope and Impact of the EVIT Breach
EVIT sent notifications to affected customers on August 13, informing them of the breach and the types of data that may have been compromised. Overall, the data breach exposed several types of sensitive information, such as:
-
Biometric data
-
Login information (usernames and passwords)
-
Payment card type
-
Military ID numbers
However, the school clarified that "not all of this data was potentially compromised" for every individual involved. EVIT stated, "This attack had limited impact on [its] operations." The school has taken steps to investigate the incident, secure its systems, and report the breach to "the three largest nationwide consumer reporting agencies and appropriate authorities."
Expert Opinions on the EVIT Breach
Industry experts have weighed in on the severity of the EVIT data breach. Jason Soroko, senior vice president of product at Sectigo, commented, "The exposure of 48 distinct categories of personally identifiable information (PII) in the EVIT breach is unusually high, even for significant cybersecurity incidents."
He suggested that this situation "highlights the need for organizations to improve data compartmentalization and implement stricter controls."
Darren Guccione, CEO and co-founder at Keeper Security, echoed Soroko's analysis, emphasizing the heightened risks posed by the range of compromised data.
He explained that while breaches typically involve PII such as names and Social Security numbers, "the inclusion of additional sensitive information like biometric data, login credentials and military ID numbers significantly escalates the severity of this breach."
Recommendations for Affected Individuals
Guccione advised affected individuals to take proactive measures to safeguard their identities. These include:
-
Signing up for identity theft protection services
-
Using a dark web scanner to monitor for compromised credentials and PII
-
Implementing a zero-trust architecture in organizations to limit the scope of potential future breaches
-
Strengthening cybersecurity defenses with comprehensive monitoring
-
Limiting data collection to essential information
-
Enforcing strict access controls within organizations
The EVIT data breach has highlighted once again the critical need for robust cybersecurity measures in educational institutions. As the impact of the breach becomes clearer, affected individuals and organizations must remain vigilant and take appropriate steps to mitigate potential risks.