The Georgia Institute of Technology that is very well known as the Georgia Tech has confirmed about a data breach that has lead to the exposure of the personal information of 1.3 million former and current faculty member, staffs, students and student applicants. In a brief note that has been published, Georgia Tech stated that an unknown outside entity has gained the unauthorized access to its web applications and has accessed the central database of the University by exploiting vulnerability in the web app.
The first unauthorized access and the data breach to the system of the University on 14th of December 2018 were traced by Georgia Tech and it is unclear as to how long the unknown attackers had the access to the university database that contains the sensitive information (vital documents) of the students and the staffs. The database contained information of the names, addresses, social security numbers, date of birth, and internal identification numbers of the former and the current students, staffs and faculty and as well as the student applicants. Nevertheless, the University has launched a forensic investigation to determine the roots and the depth of the data breach. The IT department of the University has discovered the web app vulnerability at the end of the last month when it noticed a significant performance impact which led to the scrutiny of the issue.
The Georgia Tech University has patched the vulnerability after the data breach and has taken the initiatives to start notifying the impacted individuals via the email. The University has also co-ordinated with the consumer reporting agencies and the University System of Georgia to determine which protections will be provided to the affected individuals. The Georgia Tech has also notified the U.S. Department of Education and the University System of Georgia and one can expect more information soon.