Database breach discovered in UK College of Education; UK to implement new security measures

Emily Girard

A recent cybersecurity inspection revealed that information from UK’s College of Education was accessed by an unauthorized individual. UK announced in a news release Thursday that it will increase its cybersecurity measures as a result of this breach.

The leaked information contained names and email addresses of students and teachers from 50 U.S. states and 22 foreign countries. The news release stated it did not contain “financial, health or social security information,” making the possibility of identity theft low. The data was part of Digital Driver’s License, a free K-12 program used for civic testing and training. UK has notified the impacted individuals; in total, over 350,000 people were affected.

“We will invest whatever it takes to protect our infrastructure and systems that enable us to do so much in support of our teaching, research and service missions,” UK Chief Information Officer Brian Nichols said in the news release. “Good work by our team discovered this incident and was able to limit its impact. Now, we will take even more steps to further bolster our security as we know every major institution faces constant threat.”

UK’s new safety measures include remediating the compromised server and patching vulnerabilities in important computer systems. UK will also invest over $1.5 million into cybersecurity in the coming year. This will be added to the $13 million UK has spent on cybersecurity in the past five years.

“We have increased cybersecurity investments and enhanced our mitigation efforts in recent years, which enabled us to discover this incident during our annual inspection process,” Nichols said. “We take this incident seriously, and it is unacceptable to us. As a result, we will be taking additional measures to provide even more protection going forward.”

This breach has not been the only cybersecurity issue UK has faced in recent years. UK experienced a cyberattack in May 2021, and another breach in September 2020 put the information of about 163,000 UK HealthCare donors and patients at risk. 

“We know we are part of a long and ever-growing list of institutions – in both the public and private sectors – that are attacked by these bad actors,” Nichols said in the news release. “That’s why we must be ever more vigilant in the mitigation measures we deploy to protect our infrastructure and systems.”

For more information on how UK is promoting cybersecurity, visit https://www.uky.edu/its/CyberSafe. Please direct any questions to [email protected].