Here at Everything Tech, we’re all about creating and maintaining secure IT infrastructure for your organisation, no matter how large or small it may be. But private businesses are not the only organisations that need to run many of their day-to-day operations from well-maintained, highly-secure digital environments to ensure all sensitive data is protected. Modern public institutions, such as schools, are mines of highly-personalised data; improperly stored digital information can easily lead to potentially damaging (and perhaps dangerous) breaches in security.
This was recently demonstrated at a school in the United States where 2,166 Social Security numbers (the US equivalent to the UK’s National Insurance number) of former Johns Hopkins University students were exposed to potential hackers, as reported by the Baltimore Sun newspaper.
On March 19th, officials at the university discovered that the names and Social Security numbers of former graduates were stored on a server that was accessible via the web. The records, which were intended to be used internally, belonged to people who graduated between 2007 and 2009. Although the university does not believe the names and numbers were accessed by anyone with malicious intent, logs do indicate that the records were accessed over 30 times, possibly by search engines or web crawlers, but potentially by hackers or other undesirables.
The files were taken offline as soon as the problem was discovered, but it only takes one malicious visit in the midst of such IT indiscretions for damage to be done, such as details being published online or shared amongst unscrupulous individuals. In mitigation, the university offered one year of free credit monitoring and identity protection to all students who were affected (presumably so they can see if anyone has stolen their identities, which is the danger of such personalised data being available to cyber-criminals). They have also assured students that university employees will be trained to make sure the error is not repeated. Nevertheless, prevention is better that cure, and the incident shows the importance of having highly-competent, vigilant and professional IT personnel monitoring and maintaining computer systems that house, process and distribute highly personal data.
Incidentally, this is actually the second time that Johns Hopkins has had concerns about the security of student data in recent months. Back in March, someone claiming to be with the hacker group Anonymous posted the names, email addresses and phone numbers of 848 current and former biomedical engineering students at the University, for all to see. The hacker was allegedly attempting to extort server passwords from the university, which they said they didn’t hand over.
EverythingTech offer Disaster Recovery, IT Services and Support in Manchester. If you represent a public organisation in the Manchester area and are interested in cost-effective, expert IT services, get in touch with us today. We operate under a pay-per-user structure so you only pay for the support you need.