Located in New Haven Connecticut, Yale University is one of the most prestigious in the US. Producing alumni like; Hillary Clinton, Anderson Cooper and Indra Nooyi. Yet, in 2008 they suffered a data breach that exposed 119,000 individuals, including, alumni, faculty members and staff. The data included social security numbers and in many cases date of birth. In a select number of cases, some had their Yale and physical addresses stolen.
For the past decade, the university was unaware of the breach. To make matters worse, in 2011 the database had information deleted from to update security, however, no one detected the intrusion. Furthermore, in 2016 a threat actor accesses the database and stolen the names and social security numbers of 33 individuals.
Fortunately, Yale disclosed this information to the public. Many organizations do not find it necessary to divulge information on historical breaches.
This story echoes a similar one we wrote about earlier in the year regarding the University of Greenwich in England. In this case, the university was fined £120,000 for a breach in 2016 where 19,500 individuals had their data leaked. The data included a host of personal details including, addresses, date of birth, names and phone numbers; 3500 of the individuals exposed also had confidential medical information leaked. It will be interesting to see how the Yale case progresses, both cases share similar breaches, yet, about 10x more people were affected by the Yale breach.
Going forward, governments are going to be harsher and harsher with their penalties. This can already be seen in Europe, where GDPR can fine an organization up to 4% of global revenue.
To prevent these fines and to ensure that your organization is safe from all external and internal threats make sure to reach out and contact us.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.
Source: ZD Net