Nonprofit association Educause recently announced that a security breach may have exposed users’ names, titles, e-mail addresses, user names and hashed passwords, along with the hashed passwords of .edu domain holders.
“An Educause spokesman said more than 90,000 individual profiles and more than 7,000 dot.edu domain accounts may have been affected by the breach,” writes Business Insurance’s Judy Greenwald.
“The group said that it had taken immediate steps to contain the breach and that it was working with law enforcement officials and outside security experts to investigate the incident and guard against future breaches,” writes The Chronicle of Higher Education’s Nick DeSantis. “Based on its investigation so far, Educause said it does not believe the breach involved sensitive personal or financial data. The organization has deactivated all passwords as a precaution.”
“[The] initial Educause breach notification, however, had some treading carefully, as the fact that it included links to a third-party website made it ‘impossible to differentiate from a phishing e-mail,’ according to one member,” writes Network World’s Paul McNamara. “Another urging caution was Purdue computer science professor and security expert Gene Spafford, who in a listserv reply … called the email ‘a reasonably good fake and some people are likely to fall for it.'”
“Ironically, one of its initiatives is the Higher Education Information Security Council, which is focused on improving programs for information security, data protection and privacy programs,” Infosecurity reports. “Educause in general has a focus on analysis, advocacy, community building, professional development and knowledge creation to support the ‘transformative role that IT can play in higher education,’ with membership that spans not only colleges and universities but also government and supporting corporations.”