Tech’s network was infiltrated by malicious software known as ransomware, which gained access to the university’s system through a Tech employee’s work computer on Dec. 12, 2016.
The employee conducted research on a trusted website that had been compromised and allowed the ransomware “access to a variety of files, some of which included sensitive, personal information of current and past Georgia Tech employees,” reported Tech’s HR Department. The data breach was corrected after 30 minutes, but in that time data elements like names, social security numbers, addresses, benefit elections and bank account numbers were potentially exposed, according to the HR report. All security systems are currently restored and secure, but a further investigation is taking place to gain more information on the breach and its impact.
In what was deemed an “abundance of caution,” the HR department is notifying all individuals who might have been affected by the breach both through email and a formal, mailed letter.
Furthermore, according to the LCA’s website, Tech is offering a complimentary one-year subscription to the Legal Club of America (LCA), an organization that specializes in family protection and discounted legal care in Tax Preparation & Advice, Financial Education, Credit Counseling and Identity Theft Solutions.
Affected individuals will be automatically enrolled and contacted within the next month. Tech has also proactively contacted three major credit agencies (Equifax, TransUnion and Experian), and recommended steps for all employees to further protect against identity threats.
Tech’s Office of Information Technology (OIT) routinely focuses on efforts to reduce phishing and malware scams on both students’ and employee’s computers. According to their website, Tech received approximately 3 million emails every day, of which 90 percent are spam, phishing
or malware.
To increase awareness of the issue, OIT allows and opt-in programs for units to receive fake phishing emails that test individuals’ ability to recognize
email scams. OIT also states that while around 20 percent of people fall for OIT fake phishing emails by responding with or divulging sensitive information the first time they send them out, that number drops to under two percent with regular training exercises and
repeated testing.