March 12, 2015 By Douglas Bonderud

On Jan. 22, the University of Chicago became aware of a cyberattack that targeted student records from its Biological Sciences department. According to ZDNet, university officials still aren’t certain when the hack started or how deep it went, but in a letter dated Feb. 22, the institution apologized for the threat to student and employee security and offered a one-year subscription to a credit-monitoring service. This isn’t the first time a university has been the victim of a data breach, and it certainly won’t be the last.

Known Quantities

University administrators now know that at least one Department of Medicine database was compromised. It held information about current students and employees in addition to data about former students, employees and even contractors.

The school’s letter indicates that stolen personal information ranges from names and Social Security numbers to employee IDs, usernames and physical addresses. However, it assured those affected that no banking information or other types of financial data were compromised.

Access to the database has been restricted while IT experts attempt to determine the exact scope of this data breach and for how long cybercriminals had access. So far, there’s no word on who might be responsible for the attack. The other unknown? Why universities keep popping up in the news for IT breaches.

Familiar Qualities?

Retail stores and health care agencies are both popular targets for cyberattacks because they deal with a high volume of sensitive consumer information, often with payment details attached. Post-secondary schools share some of these qualities, since students are required to provide a large amount of personal information and financial assurances to guarantee their enrollment. However, in comparison to the 70 million credit cards compromised in last year’s Target attack, the 300,000 students and faculty targeted at North Dakota University or the University of Maryland last year seem like just a drop in the bucket. With malicious actors now able to crack some of the world’s most complex and secure systems, why would they target universities?

There are two reasons. First, post-secondary IT security can sometimes be spotty. Several recent data breaches were successful because information wasn’t properly encrypted or network access policies simply weren’t up to snuff. The second reason is usability — students are typically slow to replace stolen cards or track credit ratings, and universities often wait months before disclosing the nature and scope of a breach. This leaves malicious actors with a significant amount of time to commit fraud without being detected and then move on to their next target.

The big lesson here for the University of Chicago and other post-secondary schools is that holding a large amount of student and employee records — both current and former — puts them on the same playing field as enterprises. Therefore, IT security must be tailored to match the value of assets, not assumptions.
