EXECUTIVE SUMMARY:

At the University of Colorado Boulder, a data breach may have exposed the personal information of 30,000 current and former students. The incident occurred due to a cyber attack on software provided by a third party.

Due to the attack, some files stored within the software system were illegally accessed by unknown persons. Information potentially exposed includes birth dates, phone numbers, addresses, student ID numbers, and names.

How and why the attack occurred

The University of Colorado reports that administrators were preparing to implement an updated version of the third party’s software. Hackers managed to exploit an older, known software vulnerability to launch the attack.

The 30,000 affected persons will receive notification via email. Most of the affected individuals are no longer connected to the university. Those affected by the breach will receive credit monitoring service options at no cost.

IT upgrades to stop future attacks

The latest version of the third-party software is not susceptible to the same vulnerability that permitted the intrusion. The university’s IT team was reportedly testing the updated software just ahead of the intrusion’s occurrence.

The University of Colorado has seen two cyber breaches in the past year. In January, it was one of a large volume of clients impacted by an attack on Accellion, a well-known file transfer service. Experts state that the two cyber attacks are not interconnected.

Continued university threats…

Over the past several months, numerous universities have reported cyber incidents. Most recently, the University of Sunderland experienced an attack that took certain IT systems out of use for five days. While systems were down, the university used Twitter to distribute information to students, teaching staff and administrators.

In early September, Newcastle University and Northumbria University both experienced disruptions due to cyber attacks. Shortly thereafter, the UK’s National Cyber Security Centre (NCSC) distributed an alert about a wave of cyber attacks that could affect the education sector.

Cyber security experts have observed that education and research institutions have seen a steady increase in the average number of cyber attacks per organization per week. In July of 2021, data showed a 29% increase in attacks against organizations in the education sector as compared to H1 2021. By country, educational organizations in India were the most commonly targeted, followed by those in Italy and Israel.

Quick tips for combatting university threats

  1. Encourage your colleagues and university students to review and strengthen passwords.
  2. Share informational phishing resources with those you work with. See Cyber Talk’s phishing resources.
  3. Limit your attack surface by ensuring that you have security across endpoints. This includes peripherals, applications, network traffic and data, which should remain encrypted when in motion, at rest and in use.
  4. Enforce corporate policies to achieve endpoint security compliance.
  5. Run anti-ransomware technology, which can help detect signs of ransomware and uncover running mutations of known and unknown malware families via behavioral analysis and generic rules.
