News Column

Final costs of data breach total $130,000 for IU

July 17, 2014

By MJ Slaby, Herald-Times, Bloomington, Ind.



July 17--The costs of a data breach at Indiana University last February are final.

"The incident cost the university about $130,000 in direct costs and staff time," said Mark Land, IU spokesman.

He said there were no reports that anyone's identity was stolen due to the exposure.

The data breach in February exposed personal information from 146,000 students and recent graduates. Information such as names, addresses and Social Security numbers of those who attended any campus from 2011 to 2014 were unsecured for more than 11 months.

Land said the cost of a call center to answer questions and of mailing notification letters ended up being less than expected. Originally, the call center was expected to cost $75,000 but was actually about $56,900. Mailings -- estimated at more than $6,000 -- actually cost $2,800.

In addition, $70,400 of salary and benefits was spent as IU employees worked on the issue, Land said. He said that totaled 1,076 hours of work and includes information technology staff, the general counsel's office, communications staff and more.

The exposure happened when an authentication point was not working. The student data was encrypted so it couldn't be read easily, IU officials said at the time. Only three "web crawlers" -- automated computer data mining applications -- were found accessing the information.

Land said the cost of the call center and the mailings were paid for by University Student Services and Systems, where the exposure happened. He said the salary and benefits were not added costs due to the breach.

The call center began in late February and closed on June 30. Land said he center received about 1,000 calls, mostly in the first few weeks.

Although many in the exposed group were notified via email, Land said IU mailed notification to those who no longer had emails on file with IU.

Land said after the incident was reported to the state attorney general's office, IU worked internally to make about eight action points, mostly about staff training, to prevent a future exposure. The corrective steps also included raising awareness of the issue with all employees, Landsaid.

___

(c)2014 the Herald-Times (Bloomington, Ind.)

Visit the Herald-Times (Bloomington, Ind.) at www.heraldtimesonline.com

Distributed by MCT Information Services


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Herald-Times (Bloomington, IN)


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters