Three U.S. Universities have disclosed data breaches that impacted students and university employees after email phishing. All three universities, Graceland University (GU), Oregon State University (OSU), and Missouri Southern State University (MSSU) have notified the affected individuals. GU stated in a report dated June 14, 2019, that an “unauthorized user gained access to the email accounts of current employees,” on March 29, 2019, as well as “from April 1-30 and April 12-May 1, 2019, respectively.” The university discovered that the information that was accessed included, full names, SSN’s, dates of birth, addresses, telephone numbers, financial aid information, salary information, and parent/children information. OSU stated in a press release that “636 student records and family records of students containing personally identifiable information were potentially affected by a data privacy incident that occurred in early May.” OSU stated that they are working with forensic specialists to determine the impact of the breach. MSSU stated that their breach contained first and last names, dates of birth, home addresses, email addresses, phone numbers and SSN’s of employees of the university.
All three breaches are contributed to email phishing campaigns. Continued training of all employees in basic cybersecurity could have potentially stopped these breaches if users had the training to recognize the malicious email and simply deleting them before any breach happened.