An American University in the state of Georgia has suffered a serious data breach that exposed the social security numbers of up to 170,000 students and staff
The dangers of security breaches has once again been highlighted after a critical server at the Valdosta State University in Georgia was hacked, compromising highly sensitive personal information of thousands of students and staff.
According to eSecurity Planet, the hacker managed to infiltrate the server and gained access to student grades as well as Social Security numbers.
Valdosta officials have now confirmed that up to 170,000 people are thought to be affected.
John Newton, director of the university’s information technology staff, said the breach was first detected on 11 December 2009, and a subsequent investigation found that hackers had accessed the data as far back as 11 November.
“An initial investigation has found no evidence that any personal data was accessed or transferred,” Newton said. “The breached server was secured and removed from the network. We are continuing the investigation with assistance from University Police and the Georgia Bureau of Investigation.”
Valdosta State is now in the process of contacting all affected individuals and has set up a website for students and faculty to receive updates on the investigation and any illicit use of the compromised data.
“We regret the incident and are reviewing and revising our procedures and practices to minimize the risk of a reoccurrence,” Newton said.
The news comes as The Federal Trade Commission notified almost 100 organisations that personal information, including sensitive data about customers and/or employees, has been shared from their computers via peer-to-peer networks.
And earlier this week, security vendor Symantec published a study that revealed that cyber attacks are costing enterprises around $2 million (£1.3m) per year. The study also revealed attacks are on the increase, with 75 percent of organisations admitting they have experienced cyber attacks in the past 12 months.
In the UK, meanwhile, the Office of the Information Commissioner (ICO) has warned that businesses which do not own up to data breaches will face tougher action than those that come forward of their own volition. The ICO has been given the power to issue large fines for any serious data breaches.