The Georgia Institute of Technology confirmed that it suffered a data breach that has exposed the personal information of 1.3 million current and former faculty members, students, staff and student applicants.
“A central Georgia Tech database was accessed by an unknown outside entity. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, Social Security numbers and birthdates,” the school revealed in a press release.
The university’s information security officials are working to determine the extent of the breach, as well as identify those who may have been affected by it. The IT team discovered the web app vulnerability at the end of March after it noticed a significant performance impact, and has since traced the first unauthorized access of its system to Dec. 14, 2018. However, it’s unknown how long the hacker(s) had access to the database.
The vulnerability has been patched, and the U.S. Department of Education and the University System of Georgia have both been notified. Anyone whose data was exposed will be contacted soon regarding available credit-monitoring services.
“Georgia Tech is committed to the privacy and security of its personal data, and deeply regrets the potential impact on those affected,” said the release.
This is just the latest hack for 2019, which started off with the largest public data breach ever. “Collection #1” saw the exposure of nearly 773 million unique emails, and more than 21 million unique passwords. That is just one data batch of at least six more, collected by someone trying to sell the info, which amounts to almost one terabyte of stolen data.
One of the most troubling aspects of the breach was the fact that it contains “dehashed” passwords, which means the way passwords were scrambled into unreadable strings was figured out.