All sorts of businesses and organizations are potentially vulnerable to hackers. Educational institutions are no exception, as highlighted by a recent example involving Northwest Florida State College.
One or more hackers accessed a folder on the school’s main server from May through September, according to a memo from the College’s President to all employees. The folder contained multiple files.
By working between the files, the hacker(s) apparently managed to assemble sufficient information to steal the identities of 50 employees, CNET reports. Names, social security numbers, dates of birth and direct deposit account numbers were accessed. Apparently, data relating to addresses, phone numbers, and college email addresses also was compromised.
But there is more.
The President’s memo indicates that current and past employees going back to 2002 who have utilized direct pay deposits potentially have been the subject of data compromise. The number of impacted employees could be as high as 2,200.
The College President opines that all of this was the result of “a professional, coordinated attack by one or more hackers.” He also is concerned that student information such as birth dates and social security numbers may have been accessed, but he is not presently aware that such information has been taken.
In terms of technological solutions, the President points out that “the access pathway used to invade our main server has been sealed.”
Plainly, educational institutions are not immune from hacker attacks and the potential for data security breaches. Accordingly, they would be smart now to implement needed technological measures on the front-end to prevent or mitigate possible attacks.
So, for example, if a school has some sort of access pathway to a server that could serve as an avenue for a hacker attack, that pathway needs to be addressed in order to prevent such an attack.
Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes. His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com. To receive a weekly email link to Mr. Sinrod’s columns, please send an email to him with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.