Oregon State University data breach has exposed student and family personal data

Oregon State University (OSU) has disclosed on June 14, 2019, that personal data from the 636 student as well as family records were possibly exposed in the latest cyberattack.

Steve Clark, Vice President of OSU for the university relations as well as marketing, said that email of one employee working within university's Office of the Enrollment Management has been hacked in early part of May 2019. The email account was hacked through a phishing campaign. This incident has possibly exposed the names, addresses, birthdates, Social Security numbers, and other personal information of the students, prospective students as well as their family members.

"We have no evidence that those files were viewed or used but we felt it appropriate to inform people," Clark said. "This was a sophisticated attempt by an individual or individuals, not to gain data, but to utilize Oregon State University's email to send out phishing emails to other people or institutions".

Earlier also, Clark said that there have been some incidents where email accounts of OSU were used by the hackers for legitimizing and spreading phishing emails, but immediate action was always been taken.

In a statement, the OSU said that in the wake of this recent incident, the administrators will review the protection procedures as well as the IT systems that were used by the university to guard its email accounts, information systems, and student as well as family records.

Clark also added that recently the university has updated their identity verification system. As a result, the users are now needed to authenticate who they are every day in order to protect the sensitive information and also alert the university about hacking attempts. "While it did not prevent the sophisticated attack from occurring, that system was able to notify us that the attack had occurred in a timely way," Clark said.

"OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information," said Clark, adding that OSU is working now with the local law enforcement and the FBI.

12 months of complementary credit monitoring services was offered for those who are affected, and also a helpline was established for the students as well as their families.

» SPAMfighter News - 7/5/2019