Seattle University in Washington is currently notifying individuals of a security breach that left their personal information open to anyone in the university computer network.
The breach was announced on July 17, in an incident notification issued to the Attorney General. The actual breach was discovered on May 25, at which point measures were put in place to improve security measures.
Names, checking account numbers and bank routing numbers were available when scanned checks became accessible on the network due to incorrect permission settings. Failure to put proper settings in place on an internal drive meant access was open for a period of time.
"Although I have been assured that there is no evidence to suggest any attempted or actual misuse of the information on your personal check, […] we are notifying you out of an abundance of caution," wrote Michael Podlin, the VP of University Advancement in the notification.
The notification went on to explain the processes being put in place by the university, such as putting safeguards in place to prevent similar incidents in the future.
"Maintaining the privacy of personal information is of the utmost importance to Seattle University, significant investments have been made in recent years to upgrade the university's technology infrastructure," he explained.
Education institutions cannot afford to let these types of data breach occur, and need to ensure policies and procedures in place to handle ongoing vulnerability management. Because security breaches can damage both finances and reputation, it's highly important to ensure that systems are always monitored, users vetted and staff trained in basic security management.
Failing to ensure security can be highly damaging for a business, and can occasionally result in a struggle to regain the trust of users and return to former operational capacity.