On June 19th, Harvard University discovered what they referred to as “an intrusion” on their computer networks. The Harvard security breach affected two IT systems that had an impact on 8 of its colleges and administrations. On November 21, 2014, Penn State was the victim of a cyber attack on their College of Engineering network. What do these two intrusions say about the protection of student information? Discover what the breaches involved and what colleges and universities can do to keep student data safe.
The Details of the Harvard Security Breach
While many of the schools at Harvard appear unaffected by the Harvard security breach, including the Harvard Kennedy School and Harvard’s dental, business, medicine, and law schools, a total of 7 colleges and administrative units were affected: the Faculty of Arts and Sciences, the Radcliffe Institute for Advanced Study, the Graduate School of Education, the Graduate School of Design, the T.H. Chan School of Public Health, the Harvard Divinity School, the John A. Paulson School of Engineering and Applied Sciences, and the Central Administration.
Harvard has issued a statement suggesting that anyone associated with the affected schools and administration should immediately change their password to both their school network login and their university email account. While the university has promised to take steps to improve their security and protection of student information, Harvard’s administration is currently unable to specify what information was stolen, stating that they “have no indication that personal data, research data, or PIN system credentials have been exposed,” but that login credentials have been compromised. They also claim that emails were not affected.
So how did Harvard respond to the breach? The university claims to be in the process of immediately implementing better security measures to protect their systems and data. Federal law enforcement offices were notified and a cybersecurity firm was contracted to complete a third-party investigation, which is still underway. Those affected by the breach were not immediately informed. Harvard claims they waited to notify their students and the public about the incident in order to improve their defenses and minimize damage.
The Penn State Security Breach and Beyond
The Harvard security breach calls to mind the Penn State security breach of 2014, which affected their College of Engineering. This particular data breach had lasted for years, and investigators were able to trace the breach to China. Other major universities, including the University of Maryland and Johns Hopkins University, have also been victims of recent data breaches, and the July Harvard breach was not the university’s first: in 2012 the self-titled GhostShell hacker group targeted and gained access to the school’s servers.
The discovery of the Penn State security breach and its aftermath was in many ways different than the Harvard security breach. Penn State initially found out about the issue only after the FBI alerted them to an attack on their engineering network. The university immediately hired a third party to investigate and discovered 2 previously undetected attacks across their network.
University administrators immediately went to work taking what they referred to as “significant steps” to improve their hardware and to protect the network against future attacks. While they worked to make these upgrades, contingency plans were implemented to allow the engineering department’s staff, students, and faculty as much access as possible to their work. In the first week following the discovery of the hack this meant that only limited access to data was available.
A Guide for Moving Forward
A data breach in any industry can have a ripple affect across various sectors. Fortunately, steps can be taken to protect student information by preventing this type of security breach in the future.
Take Data Offsite
The reality is that universities—even large ones like Harvard—generally don’t have the necessary resources to adequately protect student information. The best option is to turn to a third party like eFileCabinet that specializes in providing access to data while also protecting it with industry-leading security measures.
Cloud-Based Servers
Universities are also encouraged to move to Cloud-based servers. The Cloud offers superior protection compared to on-site servers and allows users to access data anytime, from anywhere—even after natural disasters, attempted cyber attacks, and other issues. eFileCabinet offers secure, convenient, and user-friendly options for universities, large corporations, small businesses, and virtually anyone in need of the best Cloud-based options around. Fill out the form on this page to learn more about your options.