In 2014, 30 educational institutions experienced a major data breach. These numbers make educational institutions the second highest per capita data breach cost (Healthcare is number one). Attackers are finding a way into the networks of educational organizations, through a multitude of ways including: a lost or stolen device such as a security card or a phone, spear phishing, malware, etc. According to 2015 Data Breach Investigations Report by Verizon the weekly average number of malware events for the education industry is 2,332 whereas the financial industry is 350 a week on average. The spike in educational organizations being targeted could be because educational institutions have less-strict policies and controls or a sign that education users are easy pickings for high-volume opportunistic threats.
Educational organizations house a plethora of data from confidential research to personal data including parent’s information for financial aid, social security, dates of birth, employment record transactions, and more. These major data breaches can not only damage an organization’s reputation but also a cause the organization to lose government grants and private funding or even worse, students.
Top 5 Educational Institution with data breaches in 2014:
1. University of Maryland*: 300,000 student, faculty, and staff records were compromised
2. North Dakota University: 300,000 past and present students personal information
3. Butler University: 200,000 in the school’s network including names, birth dates, driver’s licenses, social security numbers and bank account information
4. Indiana University: 146,000 current and former students personal information including names, addresses and social security numbers
5. Arkansas State University: 50,000 people had their full and partial social security numbers leaked
Already in 2015, four major educational institutions have been hacked, including, Penn State College of Engineering, University of Maine, Escondido Union School District, and Mount Pleasant School District.
Our research has shown that there is a way to prevent these attacks by using access control technologies that are available such as Two-Factor Authentication, Adaptive Authentication, Threat Detection and Single Sign-On. With SecureAuth IdP an organization can get all of these benefits from a single product that is highly configurable to fit a variety of use cases.
SecureAuth is a proud partner of the following leading educational organizations:
• Carnegie Mellon
• Florida International University
• Loma Linda University
• University of Maryland* (After the major data breach at University of Maryland, SecureAuth IdP was instituted to improve security)
• Cleveland Community College
• And more…
Statistics and data referenced from Privacy Rights Clearinghouse.