Data Breach at Georgia Tech Impacts 1.3 Million People
Georgia Tech (The Georgia Institute of Technology) has announced detection of a data breach that impacted 1.3 million people.
A Georgia Tech notification, dated April 2, 2019, says, “Georgia Tech discovered that unauthorized access to a web application has exposed personal information for up to 1.3 million individuals, including current and former faculty, students, staff, and student applicants.”
It was a vulnerability in a web application that had allowed a hacker to gain access to the personal information stored on the institute’s network. Georgia Tech developers who were investigating a performance issue in one of their web applications detected the unauthorized entry. This made the institute initiate an investigation, which revealed that the breach started in December 2018.
The FAQ section of the Georgia Tech breach notification states, “Application developers for the Institute noticed a significant performance impact in one of its web applications and began an investigation on March 21, 2019. During this investigation it was determined the performance issue was the result of a security incident.”
“The Institute traced the first unauthorized access to its system to Dec. 14, 2018,” the notification further reads.
The institute found that the breach led to unauthorized access to personal data including the names, addresses, internal identification numbers, date of birth, and social security numbers of current and former students, faculty and staff, as well as student applicants. The process of notifying individuals about the breach started on April 2, 2019.
The Georgia Tech communication clarifies, “The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.”
The vulnerability that led to the cybersecurity incident has been patched and Georgia Tech re-iterated that it “…continues to proactively monitor and address vulnerabilities in its network.” The U.S. Department of Education and the University System of Georgia have been notified and the investigation is ongoing. More details will be available soon.
This is the second security incident impacting Georgia Tech within the span of a year. DataBreaches.net had reported, in July 2018, that nearly 8,000 students were impacted in an accidental breach of records that happened when a staff member inadvertently attached a spreadsheet containing confidential student data and sent it out to students in a mass email. The data thus shared included ID numbers, home addresses, Visa info, GPA, academic standing and hours earned.