Full email :
To the Georgia Tech campus community:
I want to inform you about an incident involving the exposure of personal data. Recently, Georgia Tech discovered that unauthorized access to a web application has exposed personal information for up to 1.3 million individuals, including current and former faculty, students, staff, and student applicants. The Institute’s cybersecurity team is working to determine the extent of the access and to identify the affected individuals.
The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.
Georgia Tech learned of the illegal access in late March and immediately took action to address the vulnerability. The Institute is committed to the privacy and security of its personal data and deeply regrets the potential impact on those affected.
The U.S. Department of Education and University System of Georgia (USG) have been notified. The Institute and USG hope to have more information soon, including how to determine who has been affected and next steps.
We continue to investigate the extent of the data exposure and will share more information as it becomes available. We apologize for the potential impact on the individuals affected and our larger community. We are reviewing our security practices and protocols and will make every effort to ensure that this does not happen again.
Sincerely,
Mark Hoeting
Vice President for Information Technology
Chief Information Officer
