Infosecurity magazine reports this week that Eduserve, an online community for IT professionals focused on serving higher education, has suffered a data breach that affects the accounts of 2,100 members. Details about the cause of the breach have not yet been released, but Eduserve notes that any information included in the breached profiles (including names, passwords, and email addresses) is now accessible to the hacker(s).
The breach serves as yet another reminder that information security online needs to be a concern for everyone, and that no one is exempt from the dangers presented by hackers and viruses. This point is underscored by the fact that one of Eduserve’s programs is the Higher Education Information Security Council, which advocates for better data security among educational organizations.
Overall, Eduserve works to promote the benefits of using information technology services in higher education to bolster traditional educational efforts.
Fallout from the Data Breach
Eduserve’s data breach serves as a reminder to IT professionals that even those who are highly tech savvy are vulnerable to hacking and data breaches. To its credit, the company has done a lot in the direct aftermath of the breach:
- Administrators have reportedly been alerted to the data breach, and the company is in the process of contacting affected community members. For many owners of small technology businesses, the first reaction when a data breach occurs is to bury their head in the sand or do everything possible to correct the incident – without alerting the people affected. In the long run, though, this is not a useful tactic: when the story of the breach comes out eventually, the attempt to cover it up can cause a loss of customer confidence.
- Thanks to data storage policies, some community members are not at risk. Certain members of Eduserve are not affected by the data breach because their information was stored outside Eduserve’s servers. Segmentation of groups proved a smart risk management strategy, as it allowed the firm to contain the data breach quickly.
- Eduserve is working with investigators and regulators to assess and contain the breach. Investigations into the company’s data security may reveal unflattering details about its current security practices (especially given its stated data-security mission), but in the long run, such information will provide valuable guidelines for improving security in the future.
Cyber Liability Potential
The good news for Eduserve is that the company’s liability for cyber damages may not be too great: the information exposed in the breach was not “sensitive” – no credit card numbers or SSNs were stored in the breached Eduserve accounts.
Writtten by Brenna Lemieux - check her out at Google+ or Twitter