A vulnerable web app may have compromised the personal
information of 1.3 million students, alumni and employees at Georgia Institute
of Technology, the
institution announced on Wednesday
.

The data breach was detected in March, but it is believed to
have started in December 2018, giving an intruder plenty of time to access the
database and extract information. This may have affected some critical details,
including names, addresses, Social Security numbers and birth dates. 

Because they collected personally identifiable information
and student records, academic institutions are a top target — hackers can make
millions selling the data on the dark web. It’s somewhat unexpected that Georgia
Tech, a large institution focused on computer science and cybersecurity
innovation, has suffered such a basic breach not once but twice in recent
months.

In the first, in 2018, the information of some 8,000 students was accidentally emailed to the wrong person. But the bigger shock is that, in 2017, the state of Georgia committed to investing $60 million in cyber training, so at least in theory its security should have been bulletproofed to protect proprietary data.

“The U.S. Department of Education and University System of
Georgia have been notified, and those whose data was exposed will be contacted
as soon as possible regarding available credit monitoring services,” the school
said.

The cybersecurity team at Georgia Tech is investigating the
extent of the breach and other online vulnerabilities, but no details have been
released regarding the web application that caused it.