A recent string of data breaches impacting three US universities serves as a reminder that universities are major targets for cybercrime.
Graceland University discovered that an “unauthorized user gained access to the email accounts of current employees,” and was thereby able to obtain the personal information of anyone who had communicated with the breached accounts. The exposed data includes full names, birth dates, addresses, email addresses and even some social security numbers.
Oregon State University (OSU) experienced a data breach in which “636 student records and family records of students containing personally identifiable information were potentially affected.” The attackers obtained the data by hacking into an employee’s email account. The compromised information was used in subsequent phishing campaigns.
Missouri Southern State University (MSSU) suffered a phishing attack that tricked various employees, providing attackers with access to Office 365 accounts containing “first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers.”
Read more: Three US Universities Disclose Data Breaches Over Two-Day Span