Software Development

Carnegie Mellon University experienced a security breach — a reminder that cyber attacks are not rare

Experts say such attacks are increasingly common, so it's imperative that institutions safeguard their data.

Inside a university lecture hall. (Pexels/Pixabay)

Even an institution that prides itself on being ground zero for cybersecurity innovation isn’t immune to cyber attacks.

This week — coincidentally, Data Privacy WeekCarnegie Mellon University announced that in August 2023, its Information Security Office detected suspicious activity in the university’s computer system. According to the university, a third party accessed files that included the personal information of around 7,300 former students, current students, employees, applicants, and contractors.

Now that the investigation has been concluded, the university says there’s no indication that there has been any fraud or improper use of the information.

“Our information security office secured the system within hours of detection and quickly engaged law enforcement. The university recently concluded its full investigation of the breach and sent notification to anyone whose information may have been compromised,” the university said. “There is no evidence of fraud or inappropriate use of the information from those files. Out of an abundance of caution, CMU is offering credit monitoring and other services through Experian for anyone who may be impacted.”

How rare are cyber attacks?

According to Norton, roughly 2,200 cybersecurity attacks take place every day. The big ones make the news, from the 2019 attack on Baltimore city government to the 2021 ransomware hit on the Colonial Pipeline.

A security breach can have lofty consequences. During his time working in the healthcare industry, Vigilent Ops CEO Ken Zalevsky observed that the health and privacy of patients can be compromised when hospitals are attacked. That’s why it’s vital for institutions to take a proactive approach to protecting their data, he told Technical.ly earlier this month.

“Hospitals are being hacked and breaches [are] occurring, data [are] being lost, and in some cases, even patients [are] being put in harm’s way,” Zalevsky said. The goal of his company and cybersecurity in general should be “safety and security across all industries.”

Cyber attacks aren’t rare and even the most secure institutions can fall prey to them, said Ahmed Ibrahim, teaching associate professor at the University of Pittsburgh’s School of Computing & Information.

“It is very common for organizations to be breached. Every organization is a target. It’s actually almost guaranteed that every organization will be breached,” Ibrahim said told Technical.ly this week. “Thus, what really matters is what you do once you recognize that your organization has been breached. How do you contain such a problem?”

How to protect yourself or your organization from cyber attacks

Given CMU’s statement, Ibrahim said, he doesn’t believe that the individuals who had their info accessed should be overly concerned — in fact, he argued that there is likely more concerning information available about most people on the dark web. Still, it couldn’t hurt to use a credit monitoring service.

The best way for institutions to protect themselves is to follow the latest security best practices, he said, which includes regularly updating their incident response plan.

Plus, “CMU is home for US-CERT: the national Computer Emergency Response Team for the US,” Ibrahim said. “I would recommend that organizations check out latest cybersecurity practice improvements published by CERT.”

Atiya Irvin-Mitchell is a 2022-2024 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Heinz Endowments.
Companies: University of Pittsburgh / Carnegie Mellon University

Before you go...

Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

3 ways to support our work:
  • Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
  • Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
  • Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
The journalism fund Preferred partners Our services
Engagement

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!

Trending

Empowering independence for Pittsburgh’s elderly and disabled community with tech

Every startup community wants ‘storytelling.’ Too few are doing anything about it.

How one-click job listings overtook the process — and slowed down tech hiring

The former Fort Pitt brewery is turning into a new AI and tech hub

Technically Media