Three US Universities hit by data breaches impacting students and employees

• Graceland University notified that an unauthorized third party gained access to the email accounts of certain employees on March 29, 2019, as well as from April 1-30 and April 12-May 1, 2019, respectively.
• Missouri Southern State University suffered a data breach after several employees’ email accounts have been compromised in a phishing attack.

Three US Universities including Graceland University, Oregon State University, and Missouri Southern State University have disclosed data breach incidents impacting the personal information of their students and employees.

Graceland University data breach

Graceland University notified that an unauthorized third party gained access to the email accounts of certain employees on March 29, 2019, as well as from April 1-30 and April 12-May 1, 2019, respectively.

The compromised email accounts contained information such as names, social security numbers, dates of birth, addresses, phone numbers, email addresses, salary details, and financial aid information for enrollment at Graceland University.

“Graceland does not have any evidence at this time that this information was, in fact, stolen or has been used in a malicious manner, however, we cannot be certain of the extent of the unauthorized user’s intentions, so we would like to provide steps that can be taken to help ensure the safety of financials and personal identity,” the University said in a security notice.

Oregon State University breach

Oregon State University disclosed that the personal information of almost 636 students and their family members have been affected after an employee’s email account was compromised in early May 2019. The compromised email account was used to send phishing e-mails across the nation.

The University is conducting investigations and is reviewing its protection procedures and IT systems to better protect its students’ sensitive data.

“While we have no indication at this time that the personal information was seen or used, OSU has notified these students and family members of this incident. And we have offered information about support services that are available, including 12 months of credit monitoring services that the university will enable at no cost,” Steve Clark, the University’s VP relations and marketing said.

Missouri Southern State University breach

Missouri Southern State University suffered a data breach after several employees’ email accounts have been compromised in a phishing attack. The compromised email accounts contained information such as names, dates of birth, addresses, phone numbers, email addresses, and Social Security numbers.

“In late March, April, and early May, the University identified emails containing personal information that may have been compromised by the attack. In mid-May, the University confirmed that your first and last name and social security number were contained in the impacted accounts,” the University said in a data breach notice.

• Upon discovery, the MSS University notified the law enforcement authorities and the attorney general’s office.
• The University has hired a forensics team and cybersecurity experts to assist them with the investigation.
• It has also taken the necessary steps to review and improve the security of its Office 365 accounts containing sensitive data.