University of Oklahoma

The University of Oklahoma suffered a data breach that exposed thousands of students' educational records.

The compromised information includes social security numbers, financial aid information, and grades in records dating to at least 2002 through lax privacy settings in a campus file-sharing network, violating federal law.

They investigated the incident and FERPA expert Amelia Vance suggests schools regularly audit themselves.

Source: https://www.oudaily.com/news/ou-shuts-down-file-sharing-service-after-failing-to-protect/article_4f9a5e2c-50a2-11e7-a807-2f591e6c54f0.html

TPRM report: https://scoringcyber.rankiteo.com/company/university-of-oklahoma

"id": "uni53201022",
"linkid": "university-of-oklahoma",
"type": "Breach",
"date": "06/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'Thousands of students',
                        'industry': 'Education',
                        'location': 'Oklahoma, USA',
                        'name': 'University of Oklahoma',
                        'type': 'Educational institution'}],
 'attack_vector': 'Lax privacy settings in a campus file-sharing network',
 'data_breach': {'personally_identifiable_information': 'Social security '
                                                        'numbers',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social security numbers',
                                              'Financial aid information',
                                              'Grades']},
 'description': 'The University of Oklahoma suffered a data breach that '
                "exposed thousands of students' educational records, including "
                'social security numbers, financial aid information, and '
                'grades in records dating to at least 2002 through lax privacy '
                'settings in a campus file-sharing network.',
 'impact': {'data_compromised': ['Social security numbers',
                                 'Financial aid information',
                                 'Grades'],
            'legal_liabilities': 'Violating federal law',
            'systems_affected': 'Campus file-sharing network'},
 'lessons_learned': 'Schools should regularly audit themselves',
 'regulatory_compliance': {'regulations_violated': 'FERPA'},
 'title': 'University of Oklahoma Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Lax privacy settings'}

University of Oklahoma

Dansons

TEP Holdings, LLC

Bolton Global