If you have attended one of my Top Ten Breach presentations you will know that the educational domains (edu) are a big target. I give several reasons:
- The databases keep extensive identity data — financial, health, etc.
- Attackers often have higher motivation than financial gain — pride
- They run flat organizations with distributed security models
- They like to share
- Idle compute resources are plenty
I could go on. DarkReading says the trend continues with University Databases In the Bull’s Eye
The education vertical has been hit by at least three other glaring database breaches at big universities across the country during the past few months
Come to my next Top Ten Breaches presentation this fall at the RSA Conference in London to hear what has changed from previous years.