University of Central Florida Breach Affects 63,000

Written by

The University of Central Florida has become the latest victim of a data breach.

The perpetrators gained unauthorized access to Social Security numbers for approximately 63,000 current and former UCF students and staff and faculty members.

Credit card information, financial records, medical records and grades were not affected. But Adam Levin, chairman and founder of IDT911, told Infosecurity via email that this should be of cold comfort to affected individuals.

“Unfortunately, as UCF reports that Social Security numbers were involved,” he said. “This means that those members of the University community who were exposed will be looking over their shoulders for the rest of their lives. Though the intruders may not have gained access to financial or medical files, with a Social Security number in hand, they are in position to commit financial fraud, medical identity theft, or worse.

UCF said that it discovered the unauthorized access in January. University officials reported the incident to law enforcement and launched an internal investigation. It’s also in the process of notifying by mail those affected.

“Safeguarding your personal information is of the utmost importance at UCF,” said John Hitt, university president, in a notice on the school website. “To ensure our vigilance, I have called for a thorough review of our online systems, policies and training to determine what improvements we can make in light of this recent incident.”

The long string of breaches that has plagued the higher education community in the past few years is unsurprising, because colleges and universities are such open environments. “Any business, organization or institution which keeps social security numbers, credit card information and other personal data online is a potential goldmine for the cyber-criminal because they can get a massive amount of information in a very short period of time. Schools, hospitals and even governments can be at particular risk due to the likelihood of handling private information criminals would find attractive,” said Paul Jespersen, vice president of Enterprise Business Development at Comodo, via email. “In today’s environment, it is imperative for any business to work with advanced cybersecurity solutions developers who work daily to stay a step ahead of the criminal by researching advanced persistent threat patterns and innovating back-end security technologies that protect endpoints and networks and keep IT environments safe.”

In fact, this is the second reported breach [PDF] involving a Florida university in the first 35 days of 2016 (Florida International University being the first).

“Our advice—sign up for the free monitoring and identity theft resolution services that are being offered by UCF,” said Levin. “Consider freezing your credit with each of the three major credit reporting agencies. Stay alert and if you see something—anything that doesn’t look proper—say something.”

Photo © Jillian Cain/Shutterstock.com

What’s hot on Infosecurity Magazine?