https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/
Exploit: Hacking
University of Kentucky: Institution of Higher Learning
Risk to Business: 2.223=Severe
In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said that their investigation discovered that an unknown threat actor accessed the system between January 8, 2021, and February 6, 2021, to gain access to the DDL platform and acquire a copy of its internal database.
Risk to Business: 2.223=Severe
The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals. The university was careful to note that the stolen information included only emails and passwords and no SSNs or financial details were included.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Unexpected risks from sources like zombie accounts are around every corner, so taking that possibility seriously and mitigating risk from nasty surprises is critical.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
