Privacy at Stake: Drake University Grapples with Data Breach

by | Sep 6, 2023

Drake University, an esteemed educational institution, is currently dealing with the aftermath of a recent data breach that has compromised the personal information of its students and alumni. This breach, which occurred through two service providers utilized by Drake, has raised concerns regarding data vulnerability and the measures implemented to safeguard sensitive information in today’s digital era.

In June, Drake University received alarming notifications from the National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association (TIAA), both organizations responsible for managing student data, informing them of a breach. This breach, affecting at least 1,000 schools across the nation, potentially exposed personal information such as names, dates of birth, and academic transcripts.

Investigations into the breach have revealed that an unauthorized party exploited a vulnerability in the MOVEit Transfer software utilized by the National Student Clearinghouse and its vendor, Pension Benefit Information LLC. It is also possible that TIAA, another vendor of the NSC, may have been affected. However, there is currently no evidence to suggest that sensitive information such as social security numbers or addresses from the student database was accessed.

Upon learning of the incident, Drake University promptly took action by locking and securing its system. The university has also enlisted the services of a third-party investigator and is collaborating with law enforcement to fully comprehend the extent of the breach. Cybersecurity experts are working diligently to prevent future incidents.

To inform affected individuals, Drake University will directly notify current students and alumni about the breach via postal mail. Furthermore, Pension Benefit Information LLC will provide free credit monitoring services for a period of two years to mitigate potential risks for those impacted. Similarly, TIAA estimates that approximately 640 current or former Drake students were affected and will also receive the same credit monitoring services.

While the breach has caused concerns, it is important to acknowledge that Drake University and its service providers are taking proactive measures to reestablish their systems. The MOVEit environment at the National Student Clearinghouse has been completely reconstructed, guaranteeing that customer data is transferred to a new, secure system. Comprehensive security updates have been implemented, and continuous monitoring is in place to identify and address any vulnerabilities.

Drake University emphasizes that data privacy and security have always been of utmost importance. This breach serves as a reminder of the ever-evolving threats present in the digital landscape and the necessity for constant vigilance. The university remains committed to enhancing its security measures, collaborating with experts, and implementing best practices to safeguard the personal information entrusted to them.

As investigations persist, it is crucial to recognize Drake University’s swift response and dedication to transparency throughout the process. Although the full extent of the breach is still being determined, the university’s proactive approach, involvement with law enforcement, and cooperation with cybersecurity experts instill confidence that necessary actions are being taken to prevent future occurrences.

In conclusion, the data breach encountered by Drake University underscores the significance of data privacy and security. Institutions must remain vigilant in implementing robust measures to protect the sensitive information of their students and alumni. Drake’s response, from immediate system lockdown to engaging investigators and offering credit monitoring services, demonstrates its commitment to addressing the issue head-on. As the investigation unfolds, it is essential for all parties involved to learn from this incident and collaborate to strengthen data protection measures, ensuring that such breaches are prevented in the future.