Yes, I know 2023 is not over yet, but with the exploitation of a vulnerability in a piece of software called MOVEit (software used to transfer data files between two locations) earlier this year and the number of reported organizations impacted (over 1,000 worldwide as of August 2023), let alone the number of individuals impacted (60 million as of August 2023) has surely solidified this cyberattack the biggest of 2023.
To bring this a little closer to home, the U of I System did not escape this breach. While our computer systems were not directly compromised, some of our third-party partners were compromised, and they had data belonging to our students, faculty, and staff. This included the state of Illinois, which impacted almost 400,000 state employees, and the National Student Clearinghouse (NSC), which impacted 19 of our students.
Looking to the future, the likelihood of these types of attacks and breached data from third-parties will increase and be challenging to manage. From the university’s perspective, to reduce this likelihood, we need to be strategic with whom and what data we share, continually evaluate third-party digital risks, and demand that our third-party partners maintain appropriate data security and privacy safeguards.
