A data breach at the Georgia Institute of Technology, better known as Georgia Tech, potentially exposed the personal data of as many as 1.3 million users.
On 2 April, the public research university published a statement on its website in which it revealed that an unknown actor had gained unauthorized access to one of its web applications. The party thereby obtained the necessary privileges to view a central database containing the personal information of up to 1.3 million people including current and former faculty, staff, students and student applicants.
As of this writing, Georgia Tech doesn’t know the identities of all the persons whom the data breach might have affected. It also is uncertain about what types of personal information the incident might have compromised. That being said, the university’s notice did state that the event could have breached users’ names, addresses, Social Security Numbers and birth dates.
The institute of technology said that it notified both the U.S. Department of Education and University System of Georgia (USG) after discovering the breach. It also closed the vulnerability affecting its web app and launched an investigation to determine what happened. This effort remains ongoing, according to the data breach notice:
We continue to investigate the extent of the data exposure and will share more information as it becomes available. We apologize for the potential impact on the individuals affected and our larger community. We are reviewing our security practices and protocols and will make every effort to ensure that this does not happen again.
This isn’t the first time that Georgia Tech has suffered a security incident. Back in 2007, the university weathered a security breach that might have exposed the personal information of upwards of 3,000 individuals. Approximately 10 years later, the institute of technology experienced a ransomware attack after an employee visited a trusted website which bad actors had recently compromised.
While they wait to hear from the university, Georgia Tech’s users should take this opportunity to protect their web accounts with strong passwords and enable multi-factor authentication (MFA) wherever it’s available. They can also follow these additional tips to block identity thieves.