Reportedly, a well-known university has recently fallen victim to a data breach which had initially been linked to a phishing attack. This time, it is the Oregon State University that confirms data breach following the cyber attack. The incident allegedly affected hundreds of students, prospective students and their families, exposing their information to the attackers.
Oregon State University Data Breach
Reportedly, Oregon State University has suffered a data breach incident. As disclosed in the security notice shared on their official website, the institution faced a cyber attack from a phishing group. According to the university the attackers reached the inbox of the hacked email account of an OSU employee and accessed the information present there for the purpose of sending phishing emails;
An OSU employee’s e-mail account was hacked by individuals outside the university and used to send phishing e-mails across the nation.
Explaining the details of the matter, the notice read that the incident affected precisely 636 students however, the impact of the breach also extended up to their family members. But this attack went beyond phishing emails as the attackers were able to view sensitive information, as stated,
…several documents in the inbox of the OSU employee’s e-mail account… had personal information of 636 students and family members of students.
The breached details included personally identifiable information (PII) of the students, thus exposing them to various security threats.
According to the details shared with the public, OSU allegedly suffered the security breach in early May 2019. Upon noticing the breach, the officials began investigating the matter, which is still ongoing. As stated by Steve Clark, VP University Relations and Marketing at OSU,
OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information… We will continue to monitor such efforts and systems, and take further steps to protect the university’s information technology and sensitive data.
For now, Clark confirmed no indication of misuse of breached information. Nonetheless, out of an abundance of caution, the university has informed the students and their respective family members of the incident. In addition, the university also offers free 12-month credit monitoring to the impacted individuals.
This report comes alongside another breach disclosure from Graceland University. It also suffered a security incident following unauthorized access to an employee’s email account.
Let us know your thoughts in the comments section.