University data breach exposes the personal details of hundreds of thousands of staff and students all over the world. 

A University data breach has exposed the personal data of hundreds of thousands of staff and students. A recent news report disclosed that a data breach at the University of Kentucky was discovered during a routine annual cyber security inspection. The breach appears to have been caused by a vulnerability in a server associated with the College of Education database. According to this statement from the institution, over 355,000 email addresses were exposed with victims located not just in Kentucky, but all 50 states and at least 22 other countries around the world. The database is part of a free resource known as the Digital Driver’s License training and test taking program, used by K-12 schools and universities across the country. The university has announced that it is implementing several enhanced security measures to mitigate the situation and reduce the chances of a repeat occurrence. 

The database consisted mainly of names and email addresses and contained no financial or social security information. 

According to officials at the University, while the potential for identity theft is very low, they are still taking the incident very seriously. The impacted school districts have been notified, along with the appropriate legal and regulatory bodies. The database of approximately 355,000 users, from all over the United States as well as 22 countries around the world, contained only users’ names and numbers, with no financial, health, or social security information included. The database, which is part of a free resource program used by many schools and universities through which students have taken civic courses in recent years. 

The University of Kentucky has released a statement outlining several enhanced security measures they will be utilizing moving forward. 

The University of Kentucky has published a statement on their cyber response, outlining several enhanced security measures they will be using following this data breach. These measures include repairing the server in question, an internal audit, as well as an additional $1.5 million investment in their cyber security to be used for implementing the enhanced security measures. According to their statement, University of Kentucky intends to appoint a Chief Information Security Officer to spearhead their efforts. Their efforts include implementing multi factor authentication, implementing more firewalls as well as rapid patching of critical vulnerabilities, among other systems. 

Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR, Law Enforcement Directive and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.