Back to Data breach

Data breach

Personally identifiable information exposed in Yale University's data breach.

In June 2018, Yale University announced that it underwent a data breach back in 2008 and 2009. This breach exposed the personal information of faculty, staff, and alumni, including their names, social security numbers, physical addresses, and birthdays.

What happened?

Some time between April 2008 and January 2009, hackers were able to access a database stored on the university's server. While the school deleted personal information from that database in 2011 in an effort to protect personal information, the IT team did not realize that a breach had occurred years earlier. Yale's IT team discovered the breach in 2018 while testing the university's servers for vulnerabilities.

The school is offering free identity monitoring services to those affected by this data breach. Its IT team is also making a constant effort to ensure the security of personal data, including ceasing the use of SSNs as identifiers and running periodic vulnerability tests on Yale servers.

This breach wasn't the last the university would face. Just two years later, in 2011, the personally identifiable information of 43,000 staff, faculty, students, and alumni was exposed online when a File Transfer Protocol (FTP) server containing that data became searchable via Google.

How ManageEngine can help

ManageEngine's comprehensive log management and auditing tool EventLog Analyzer helps you:

  • Audit access to the confidential data stored in your databases.
  • Monitor user activity within databases.
  • Get real-time alerts about targeted attacks such as SQL injections.
  • Monitor IIS FTP server logs.

Start your free trial of EventLog Analyzer today.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.