Georgia Tech Data Breach Potentially Exposes Info of 1.3 Million People

Georgia Tech disclosed Tuesday that 1.3 million people’s personal information may have been exposed in a data breach.

• By Jessica Davis
• April 04, 2019

Georgia Tech disclosed Tuesday that “unauthorized access to a web application” may have exposed the personal information of up to 1.3 million people, including current and former faculty, staff, students and prospective students.

In a statement, the university said its cybersecurity team is working to determine the extent of the breach and to identify the individuals affected. They don’t know what information was pulled from the system, but it could include names, addresses, social security numbers and birth dates.

The information illegally accessed was located on a central database. GT learned about the illegal access late last month and immediately began working to address the security vulnerability.

The university has notified the U.S. Department of Education and University System of Georgia have been notified. GT said it hopes to have more information soon, including how to determine who was affected and what steps to take to mitigate it.

“The breach of Georgia Tech student data is just one more example of the security failures plaguing many organizations,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Unfortunately, the push to encrypt more data has some unintended consequences for organizations that don’t have a program in place to manage machine identities effectively. The problem is that cyber attackers can hijack machine identities and use them to hide malicious activities. Most organization don’t have the technology necessary to make it possible for them to figure out which machine identities should be trusted and which should not.”