Data breach
October 19, 2018
Sensitive information, including social security numbers and home addresses for almost 10,000 California State University, East Bay students and prospective students, has been compromised.
On Oct. 5, CSU East Bay’s news website released a statement in regard to an unauthorized access of personal information by a third-party source at intermittent times through March 27, 2017 and Sept. 2, 2018, which affected the College of Education and Allied Studies.
Information access included “Full names, addresses, dates of birth and Social Security numbers of 9,949 individuals,” according to the CSUEB website. The data accessed included information spanning from 2009 to 2018.
Those affected have been notified via postal mail, including individuals who have applied to or are in the process of completing credential programs at the CEAS.
The web application that contains the affected individuals’ information has since been removed from the server.
CSUEB’s information security team discovered the breach on Sept. 17.
“A routine examination of a campus server revealed unusual activity leading to the discovery of the incident,” according to Debbie Chaw, VP for Administration and CFO at CSUEB. “The university evaluated use of certain personal data and removed it from systems where it was not found to be necessary.”
This is not the first instance of servers being accessed by an unauthorized third-party.
“On August 11, 2014, [CSUEB’s] information security team discovered that unauthorized access to certain personal information occurred on August 23, 2013,” according to a communique released by CSUEB on Sept. 5, 2014.
In this 2014 breach, again personal information including the full names, addresses and social security numbers of over 6,000 people and the birthdates of over 500 people were accessed.
“We take this kind of issue very seriously and we sincerely regret any inconvenience this may cause the affected individuals,” said Chaw.
However, CSUEB is not the only university this year that has been affected by an unauthorized breach of Internet security In July, Wired compiled a list of “The Worst Cybersecurity Breaches of 2018 So Far,” this includes the infiltration of “144 US universities [and] 176 universities in 21 other countries.” These alone were perpetrated by nine hackers with ties to Iran’s Islamic Revolutionary Guard Corps.
Information mailed to those affected also included, actions being taken by the university to mitigate potential identity fraud, information on what individuals can do to safeguard themselves as well as a, “12-month membership in a credit monitoring service at the university’s expense,” says the university website.