[BreachExchange] Georgia Tech to offer credit monitoring after data breach affecting 1M+

Destry Winant destry at riskbasedsecurity.com
Wed May 29 10:17:32 EDT 2019


https://www.wsbtv.com/news/local/georgia-tech-to-offer-credit-monitoring-after-1m-data-breach/951349958

ATLANTA - Georgia Tech is taking steps to help people whose personal
information may have been compromised during a data breach.

Channel 2's Aaron Diamant has been following this story since it broke
in April, when the college said someone gained unauthorized access to
a web application, affecting nearly 1.3 million people, including
"some current and former faculty, students, staff and student
applicants."

Georgia Tech will be sending out letters offering credit monitoring
and identify theft protection.

The breach was a SQL server intrusion that allowed the hacker to send
queries through the server to the internal database that housed all
the personal information. It went on from December to March.

One of the area's best-known consumer advisers, Clark Howard, told
Diamant the options the school is offering those impacted by the
cyberattack could give them a false sense of security.

“This whole thing about credit monitoring is ... it’s just the
corporate playbook 101,” Howard said. “It’s a waste of people’s time.
It’s a waste of Georgia Tech’s money. Credit monitoring does nothing
to protect you after one of these data breaches.”

Clark urges all consumers to freeze their credit instead.

“We’re taking things very seriously in trying to help them feel better
about, OK, we’re going to try to help you protect your data. We’re
going to help you protect your credit,” said Georgia Tech spokesman
Lance Wallace. “We’ve upgraded our security measures, and this is the
kind of thing that we should be able to prevent going forward given
what we know.”

But Howard has a warning.

“Any organization is subject to hacking, and it doesn’t matter how
many precautions you put in place, if hackers are determined to hit
your database or find a backdoor vulnerability into it, they’re coming
in,” Howard said.

The FBI is still working to identify the hacker in the case.

Here is the letter released to the public:

To the campus community:

This is an update to members of the Georgia Tech community regarding
the security incident experienced by Georgia Tech, about which you
have received previous communications. Georgia Tech is notifying 1.265
million people and offering credit monitoring and identity theft
protection services to individuals whose Social Security number was
involved in the incident.  This message explains the incident,
measures we have taken to address the security issues, and some steps
that individuals can take in response.   Given our commitment to
transparency and communications with our employees, we want to make
sure you have the facts.

What happened?

In late March 2019, Georgia Tech identified signs that an unauthorized
person had found a way to send queries through a Georgia Tech web
server to an internal database. Georgia Tech immediately implemented
its incident response protocol, took steps to secure the web server,
and began an investigation to determine what records in the database
were accessed. The U.S. Department of Education was notified, and
Georgia Tech set up a dedicated website on April 2, 2019, to share its
preliminary findings.

Leading forensic firms were engaged to assist in the investigation and
help determine the specific information that was accessed. The
investigation determined that access to the database may have occurred
between December 14, 2018, and March 22, 2019. The information
contained in the database that may have been accessed includes name,
date of birth, Social Security number, and Institute ID number. Our
investigation has concluded, and we are in the process of providing
written notice to certain members of our community.

What are we doing to address this?

Georgia Tech is notifying 1.265 million people and offering credit
monitoring and identity theft protection services to individuals whose
Social Security number was involved in the incident. To help prevent a
similar incident from occurring in the future, we are taking steps to
enhance existing security measures.

What should I do if I receive questions?

In the event you receive questions about the incident, please direct
individuals to the call center we set up at 855-543-5399, Monday
through Friday, 8 a.m. to 8 p.m., Eastern Time. And, in the event you
are contacted by a member of the media, please state that any media
requests should be directed to Institute Communications, and then
immediately notify Institute Communications about the media inquiry.


More information about the BreachExchange mailing list