International Education Institute involved in major data breach
The Institute of International Education, an educational organization that operates 200 leading international scholarship programs, left sections of its database unprotected and open to public search. Vinay Sridhara of Balbix looks into the issue.
By Tim Sandle
The Institute of International Education (IIE) operates hundreds of international scholarship and fellowship programs that cover in excess of 29,000 students, from 185 countries, every year. The organization is headquartered in New York.
It has been announced that the IIE left sections of its database unprotected and open to public search. The weakness was discovered by security researcher Bob Diachenko, who notified the IIE upon discovering the data so that it could be secured. Students may nonetheless still be at risk of identity theft and fraud.
Looking into the issue, Vinay Sridhara, CTO of Balbix, tells Digital Journal about the importance of the potentially compromised data: "The Institute of International Education collects troves of highly sensitive and personal data of students around the globe and must take a stringent approach to protecting that data."
Sridhara indicates that the situation is not atypical: "Unfortunately, the recent data leak caused by a simple security flaw experienced by the IIE is one that we have seen over and over. Companies continue to compromise data and suffer costly breaches due to exposed, unsecure databases left open and accessible to anyone online without basic protection such as a password. It was just over a month ago that Wyze leaked 2.4 million users’ data because no security protocols were configured to protect the database."
In terms of the importance of the data, Sridhara states: "Given that the leaked documents contained valuable information including passport scans, medical forms and tax withholding forms, students associated with the IIE should take caution. The data can be leveraged to craft targeted phishing campaigns, scholarship scams or tax scams to prey on unsuspecting students."
As to what similar organizations need to do as part of preventative actions, Sridhara says: "To mitigate vulnerabilities across an organization’s entire IT infrastructure and safeguard databases, it is vital that organizations achieve clear and comprehensive visibility over all assets, threats and risks across their networks. Effective security strategies that actively monitor for and quantitatively assess all possible vulnerabilities will enable companies to easily and quickly identify and patch unsecure databases before it’s too late."