Earlier this month, Daytona State College had suffered a data breach which potentially exposed a large amount of personal employee information. This attack had involved the employee’s 2016 W-2 records and is currently under investigation by the FBI and the IRS. In a more recent attack, the college has been breached again, but this time it appears to have affected the students who applied for financial aid.
This new breach was discovered while the college was still in the middle of investigating the previous one. A school spokesperson had said in a statement, “Daytona State College discovered that certain financial aid records for applicants to the college for 2016-2017 enrollment were also implicated. We believe the incident was the result of certain insecure practices by one of our third-party vendors. We have identified and secured the breach.” The school had sent a letter out to those who may have been affected by this. The financial aid information compromised was from the initial application the students fill out, which is commonly called FAFSA.
The large issue with this financial aid information that was affected is the fact that not only was the information of the applying students compromised, but also the information of parents that would be put along with many younger individuals. The FAFSA forms contain a wide range of information including, names, birthdays, addresses, and social security numbers. All of this information can, of course, be used to steal a person’s identity, create fraudulent financial accounts in the person’s name, or the immediate attacker could simply sell it on the black market for other criminals to use. In the previous attack affecting the employee W-2s, the school had provided data protection services to whoever was seeking it, and they are doing the same for those potentially affected by this recent incident as well.
A single data breach can cause a wide range of damages and detriment to an organization, let alone two breaches. The school is going to need to approach this situation very carefully and appropriately to come back from it. While the most recent attack appears to have been from a vulnerability in a third-party vendor, this does not take the responsibility off of the school. When securing third party services and partnerships, it is critical that an organization evaluate their security as well being that it can affect them. The school is already at a disadvantage being that this is their second breach in a month, showing a lack of proper security in certain areas.
Applying Data Breach Solutions to Recover from a Cyber Attack
As mentioned above, a single data breach can have a wide range of consequences. Of course, there is the immediate data or financial loss, but there is also reputational and trust damage that needs to be repaired. The proper management and handling of a breach is what will allow an organization to recover from it, as a breach can potentially result in an organization failing if not addressed correctly with data breach solutions. There are an array of actions that need to be taken immediately upon the discovery a breach, including finding the source, patching it, and working to eliminate the threat in the future. And then there are of a course a large series of mitigation and public relations steps. Massive Alliance provides comprehensive data breach solutions that can help an organization to recover from a breach.