The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants.In a brief note published Tuesday, Georgia Tech says an unknown outside entity gained “unauthorized access” to its web application and accessed the University’s central database by exploiting a vulnerability in the web app.Georgia Tech traced the first unauthorized access to its system to December 14, 2018, though it’s unclear how long the unknown attacker(s) had access to the university database containing sensitive students and staff information.
The database contained names, addresses, social security numbers, internal identification numbers, and date of birth of current and former students, faculty and staff, and student applicants.However, the University has launched a forensic investigation to determine the full extent of the breach.
“The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates,” the note published on the University website reads.
The University’s IT team discovered the web app vulnerability at the end of last month when it noticed a significant performance impact.
“Application developers for the Institute noticed a significant performance impact in one of its web applications and began an investigation on March 21, 2019,” Georgia Tech says in the FAQs detailing the incident.
“During this investigation, it was determined the performance issue was the result of a security incident.”
Georgia Tech has since patched the vulnerability and already started notifying potentially impacted individuals via email.The University is also “coordinating with consumer reporting agencies and the University System of Georgia to determine what …