The University of California, Berkeley, has admitted to a second data breach which may have exposed the data of 80,000 people to misuse. Current and former students, faculty members and vendors linked to the university are among those who have been warned about the incident, which took place through financial management software which contained a security flaw, allowing an attacker — or group — to access internal services. Lane Thames, software development engineer and security researcher at Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Lane Thames, Software Development Engineer and Security Researcher at Tripwire:
“Universities are fruitful targets for cyber attackers and malicious actors. I have first-hand experience dealing with these events. Intellectual property theft motivates many of the targeted attacks such as spear phishing academic staff. However, universities have large collections of personally identifiable information for their faculty, staff, and students, and this provides significant motivation for attackers.
Universities and post secondary educational institutions should not be using social security numbers for their students. School-specific identifiers should be used instead. The Social Security Administration frowns upon use of social security numbers for school identity purposes, and the Family Educational Rights and Privacy Act (FERPA) provides guidance on the use of students’ social security numbers. Universities that still utilize social security numbers for students should consider implementing a more modern approach based on their own internal identification system.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.