Georgia Tech Breach Strikes Possible 1.3 Million

broken padlock

Georgia Tech recently went public about a data breach — the second in less than a year — that could have exposed the personal information of up to 1.3 million people. The cause: a custom web application with a form that was vulnerable to SQL injection.

In mid-2018, Tech suffered data exposure when the university mistakenly sent personal details of almost 8,000 College of Computing students to fellow students as part of an invitation to a conference. The list was accidently attached to the e-mail.

The institution uncovered the latest unauthorized access on March 21, when developers for the school "noticed a significant performance impact" in one of its web applications (which has since been patched). From there, cyber criminals were able to gain access to a "central database."

The security team was able to trace the first of a series of unauthorized breaches to Dec. 14, 2018. By April 2, the institution had begun notifying those affected, including current and former faculty, students, staff and student applicants. The information available on the database included names, addresses, internal ID numbers, dates of birth and social security numbers. It didn't include financial information, health records, grades or research data.

Georgia Tech is working with forensic and data analysis firms, as well as its own police force and the FBI.

"We continue to investigate the extent of the data exposure and will share more information as it becomes available," the institute stated on its website. "We apologize for the potential impact on the individuals affected and our larger community. We are reviewing our security practices and protocols and will make every effort to ensure that this does not happen again."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • digital data protection and cyber security

    White House Launches New AI Security Framework

    President Donald Trump has issued a new executive order aimed at maintaining United States AI leadership while addressing the security risks posed by increasingly powerful AI systems.

  • workshop participants discuss sustainability in open science and research

    Open Source: Advancing Our Digital Commons

    IT leaders are recognizing the benefits of a return to open strategies. CT asked Jack Suess, VP of IT and CIO at UMBC, for his views on returning to the digital commons of open source.

  • Student classroom scene with diverse learners attentively engaging in lecture, using laptops

    The AI Literacy Gap No One Expected

    While Gen Z may be advanced at generating quick outputs or using free LLMs for surface-level tasks, they need to develop critical thinking, communication, and analysis skills.

  • Digital Network of User Profiles and Data Connections

    Microsoft, RSA Make Identity Security Push in the Age of AI

    Two of the bigger authentication announcements to come out of the recent RSA Conference both point in the same direction: Organizations need a more flexible, unified approach to identity security, especially as AI agents start acting alongside human workers.