In the first article, the University of Chicago sent out post cards to their 9,100 employees reminding them of their benefits open season. They added the extra bonus of including the employees social security number on the cards as well. The school stated:
A school official said there is no reason to believe outsiders had misused any of the information. The university also recommended that employees securely get rid of the postcards.
The problem is that it only takes one “outsider” to misuse the information once to potentially ruin someones life.
In the Pastebin message, GhostShell said that the recent attacks were launched to bring attention to various grievances the group holds toward the educational systems in the United States, Europe and Asia. The hackers cited growing tuition fees, frequently changing laws and heavily regulated teaching.
Furthermore, the group also noted that many of the systems targeted had already been infected with malware. Since these universities are meant to educate the future in various fields, one of them computer science and technology, it would make sense for these universities to apply the concepts and principles of security within the systems they use.
While governments and other organizations make mistakes, it is understandable that similar things would occur in academia, but regardless of where it happens, the old saying “measure twice, cut once” needs to be driven home in everything we do. If it is sending out a mail merge or a network, good security practices need to be a part of the thought process and the routine.