Have you ever considered your college having a data breach and had no idea? A similar feeling of shock resonated with me when I heard that Princeton University had one. They publicly stated that a database was accessed by entities unknown that held information relating to donors, alumni, students, and parents. Yes, this is not a small matter.
On November 10, Princeton made the discovery that outsiders had accessed an internal database from the advancement office.
This internal database contains information required about past students, parents, donors and sometimes students.
The statement also indicated that it typically does NOT include:
Here is why it matters:
1. Ascertain if you are a connection of Princeton (alumni, donor, parent or student).
2. Be cautious of emails indicating they are from the university. Don’t click anything suspicious.
3. Change your passwords and put two-factor authentication (MFA) on any accounts/information associated with your personal school records.
4. Monitor your credit or identity for anything suspicious. Phone number and address are often used in scams.
5. If you work for a school or organization, beef up your data security so your users do not have to potentially confront the same situation.
What Actually Happened?
Timeline of the breachOn November 10, Princeton made the discovery that outsiders had accessed an internal database from the advancement office.
This internal database contains information required about past students, parents, donors and sometimes students.
Was Any Information Leaked?
Princeton stated the database was comprised of names, email addresses, phone numbers, work and home addresses, whether donations or communication was sent as well as information on alumni events and engagement at Princeton.The statement also indicated that it typically does NOT include:
- Social Security numbers
- Passwords
- Bank or credit card information
Why This Is Important
You may be thinking, "Why should I care if I do not donate."Here is why it matters:
- Big time universities, with lots of money and security, can still be hacked.
- The leaked data is then easily used by scammers to trick you.
- They can simply send you emails that say: "Update your donation info" or "You need to change your parent record."
- If you shared your information at some point, there could be data still stored somewhere you no longer remember.
What You Should Do Now
So, here are some basic steps to assure your safety:1. Ascertain if you are a connection of Princeton (alumni, donor, parent or student).
2. Be cautious of emails indicating they are from the university. Don’t click anything suspicious.
3. Change your passwords and put two-factor authentication (MFA) on any accounts/information associated with your personal school records.
4. Monitor your credit or identity for anything suspicious. Phone number and address are often used in scams.
5. If you work for a school or organization, beef up your data security so your users do not have to potentially confront the same situation.
Final Thoughts
The Princeton data breach reminds us that no one is 100% safe—not even an Ivy League institution as well-known as Princeton. There is a general principle of caution for students, parents, donors, or alumni:- Always be vigilant about checking your emails.
- Change your passwords periodically.
- Don't assume "the university will protect everything."
