Georgia Tech reveals data breach, 1.3 million records exposed

Students and staff have been involved in the breach.

Commonwealth floats increased penalties for privacy breaches Consultation pencilled in for second half of 2019 -- on the other side of the upcoming federal election.

The Georgia Institute of Technology has revealed a data breach which has potentially exposed information belonging to 1.3 million employees and students.

This week, Georgia Tech said the security failure occurred due to a web application which was vulnerable to outside entry.

An unknown threat actor managed to access a database connected to the application. The database contained personal information belonging to "some current and former faculty, students, staff and student applicants," according to the academic institution.

See also: Home DNA kit company asks you to upload your family tree for the FBI

Names, addresses, Social Security numbers, and dates of birth may have been exposed. 

However, reports suggest that the institute's current enrollment is just under 27,000 students, and so the data breach may have included years' worth of historical data to reach over one million records.

Georgia Tech was made aware of the incident in late March after developers noticed a "significant performance impact."

A vulnerability believed to be at fault has since been patched. The app is now also being checked for additional security weaknesses.

TechRepublic: What is the Dark Web, and why is it so bad if your information is there?

An investigation is underway and both the US Department of Education and the University System of Georgia have been notified.

"Georgia Tech is committed to the privacy and security of its personal data and deeply regrets the potential impact on those affected," the institute says.  

CNET: Kaspersky Lab will warn you if your phone is infected with stalkerware

Georgia Tech says those whose data is involved in the breach will be "contacted as soon as possible regarding available credit monitoring services," -- although whether or not these systems, which can alert users to suspicious activity, will be offered for free is not made clear.

Previous and related coverage