614-322-2222 or 877-770-8324

Indiana University reports potential data breach

Mar

12

Indiana University reports potential data breach

Indiana University reports potential data breach

Indiana University notified Indiana’s attorney general’s office this week of the exposure of approximately 146,000 records. These records included PII such as name, address, and Social Security numbers of students across 7 campuses, who attended from 2011-2014.

However, this instance is different from what we have with other recent exposures. In this case no servers were hacked, no systems were compromised, and there was no unauthorized download of anything. The data exposed was actually discovered by a web crawler, which was on the site for indexing purposes.

The university was quick to act and upon discovering the mistake they quickly rounded up the data and put it onto a secure server, until it could safely be transferred back. They also started the process of notifying students who may be impacted and notified the attorney general.

They have also set up additional resources for students such as a call center to handle questions, a website with information on how to monitor your credit accounts, and an FAQ. To also better assist in the process, the university took it upon themselves to share the names and SSN’s of those affected with the 3 major credit-reporting agencies, to make that process easier for the students should it reach that level.

Unlike other breaches we have seen recently, Indiana University did an excellent job in their response to the exposure. They had a plan and they executed it immediately. There are many others out there that should use this as an example of what needs to be done not just in the event of a breach, but even when there is only the potential for one.



  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.


    Why risk it? Get started today! Call 614-322-2222


  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved by IBM as its Top Tier offering, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction. including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.

REQUEST INFORMATION

Request Information