With all the news about #OpIsrael, it was easy to miss a breach that was reported today involving Kirkwood Community College in Iowa.
On March 13, they were hacked, and the hacker had access to 125,000 records from students who had applied online for credit courses between February 2005 and March 5, 2013. The school is not sure whether any data were downloaded at the time of this publication.
In WCF Couriers’ coverage of the breach, vice president of student services Kristie Fisher was quoted:
She said the college believes that its database was adequately protected, but that hacking has become too common.
How can you claim your database was adequately protected when it was just hacked to the tune of 125,000 records?
“Unfortunately, we think we just found ourselves in the middle of something that’s happening all over the world,” she said. “In today’s world, you can’t protect anything 100 percent when it’s online.”
OK, so then knowing that, why did you need to have records going back to February 2005 connected online? Are students who signed up in February 2005 at your two-year community college still signing up for classes 8 years later?
Knowing the risk, did you really need all that data connected?