During a Pen-Test University Of Kentucky Unveiled A Data Breach


Cyberspace witness a rapid surge in cyberattacks as hackers continue to steal millions of documents at an alarming rate. A thorough penetration test is important to counter their attempts throughout the year. 

Likewise, The University of Kentucky did an annual cybersecurity assessment revealing a website flaw that enables an unauthorized person to probably purchase a copy of their College of Education database. There were no financial, health, or social security data leaked in the database, which restricted identity fraud potential.

The material stolen mainly contained emails and passwords as per the letter of violation issued by the university. There have been no SSNs or financial details leaked in it. 

Penetration tests are intended to evaluate the safety, the testing tools imitate actual attack scenarios that detect and expose security holes that can result in stolen records, impaired credentials, intellectual property, PII, cardholder data, personal, protected health, data ransom, or other detrimental business results. 

Although in the last five years the UK has enhanced cybersecurity, and the issue has been spotted, the UK will now implement extra security measures. The database for the training and the testing of K-12 schools in Kentucky and other states is part of the free resource scheme known as a Digital Driver's License. \

The information in the breach included the names, e-mail addresses, and addresses of Kentucky teachers and students and more than 355,000 individuals in every 50 states and 22 other nations. UK authorities have alerted and notified the relevant regulatory bodies and the affected school districts. This breach had an impact on the university's Digital Driver’s License platform, an internet portal that was established by the university in the early 2000s in the course of an Open Source Tools for Instructional Support program (OTIS). 

“The University of Kentucky has spent more than $13 million on cybersecurity in last five years alone,” said Brian Nichols, UK’s chief information officer. “We have increased cybersecurity investments and enhanced our mitigation efforts in recent years, which enabled us to discover this incident during our annual inspection process conducted by an outside entity. Although the potential for identity theft is limited, we take this incident seriously and it is unacceptable to us. As a result, we will be taking additional measures to provide even more protection going forward. UK's chief concern is end-user privacy and protection and we are making every effort to secure end-user data.”