Executive Summary:

Hackers were able to obtain social security numbers, dates of birth, race and contact information for 125,000 students that had applied to attend classes at Kirkwood Community College. The security breech covered applications taken during an eight year period running from February 2005 until March 2013. College officials contacted the FBI upon learning of the breach. Neither the FBI nor the school is sure how the attack occurred. The FBI stated that the attack came from an international IP address but did know which country. That indicates that is was likely a spoofed IP address. The school indicated the site had strong security and the attacker must have been sophisticated.

Analysis:

Kirkwood Community College responded quickly when learning of the breech. Kirkwood Community College officials noticed a spike in activity on their site. Detection of this anomaly indicates use of an Intrusion Detection System control. The school then appeared to follow the Intrusion Response Process for Major Incidents protocol. They detected the incident, determined there had been a loss and called the FBI. The school contained the incident by disconnecting from the Internet. The school then entered the recovery stage by hiring a security firm to aid with response, investigating the incident, improving security and getting back online. The school then issued a sincere apology. They acknowledged responsibility and harm and explained the inconvenience and potential harm. They then went on to say how they would assist the students in the months to come. The college is providing identity theft services which include a year of credit monitoring alerts. Although the school controls did not prevent the incident they were able to detect it. With this experience, and improved security, the Kirkwood students should be able to have confidence in the security of their personal information.