Hack at U of Nebraska shows university data at risk

Higher education is not immune from the scourge of data breaches, as the recent exposure of more than 650,000 records at the University of Nebraska demonstrates.

Dark Reading reports that the breach, which was discovered May 23, involved a hack into a database containing the personal records of current University of Nebraska students and alumni from as long ago as 1985, as well as other data held by the state college system.

The hack was "extremely targeted," said Joshua Mauk, the school's information security officer. He added that there has been no evidence any of the data exposed by the hack has been used for any illicit purpose.

Damon Petraglia, director of forensic and information security services for Chartstone, said the breach has the hallmarks of a spear-phishing attack. Petraglia, who has consulted on information security with other colleges and universities, said there were indications "that the attacker had researched and done reconnaissance to select a specific target."

The University of Nebraska incident is just the latest in a series of breaches at colleges and universities that have left potentially sensitive data exposed. Dark Reading has compiled a slideshow of "The (Not-So) Elite Eight in Higher Ed" highlighting previous breaches at institutions of higher learning.

And in an unusual case, admins at the City College of San Francisco last year discovered a virus in its systems that had been stealing students’ bank information for more than 10 years.


About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected