News & Comment: Social Security Numbers Accessed in Yale Data Breach

Social Security Numbers Accessed in Yale Data Breach

Yale University has just discovered it was the victim of a data breach in 2008 and 2009, and now school officials are warning personal information including social security numbers and dates of birth were…

Read full article 


Ryan Wilk, Vice President, NuData Security, a Mastercard company:

“Yale University is taking steps to help amend the potential damage of this breach by advancing the forensic investigation and contacting all affected parties as soon as possible.

On the flip side, although financial information was not exposed, even having your social security number, name, address, and date of birth stolen can still cause problems. Cybercriminals can use this information to create a complete profile of students. Add a bit of social engineering, and they can start cracking all types of accounts and even open up new accounts in the students’ names.

Protecting data from breaches is becoming increasingly challenging, but innovations in technology and following best practices can help organizations detect and mitigate the damage after a data breach.

Organizations can do this by implementing intelligent ways to authenticate their users so that the stolen personally identifiable information is not enough to access an account. Organizations need security multi-layered intelligence that can evaluate not just the data but also the user behavior through passive biometrics and behavioral analytics. Behavioral-based authentication methods are proving to be extremely efficient in tackling this threat and keeping users’ accounts safe. Multi-layered solutions that evaluate the user’s behavior give a true insight into who is behind the device – and provide high accuracy on whether it is the consumer or a cybercriminal using consumers’ correct credentials.

Recognizing users’ online behavior, instead of basing a decision on a password, means that bad actors can’t use the stolen credentials to open an account, making leaked credentials valueless.”