Communication

Security Incident!

Security Incident Update

Submitted Wednesday, April 10, 2019

Georgia Tech executed its security incident response protocol as soon as it detected signs of this incident. We provided the initial notification on April 2 based on our preliminary findings because we wanted to let our community know about what we found as quickly as possible. Our investigation is ongoing and is expected to take several weeks. Leading forensic investigation and data analysis firms have been engaged to continue the investigation.

Once the investigation process is complete, we will continue the process of notification by directly contacting the individuals whose data was involved. Future updates will be posted at breach.gatech.edu. That will continue to be the best source of information.


To the Georgia Tech Campus Community:

Submitted Tuesday, April 2, 2019

Georgia Tech discovered that unauthorized access to a web application has exposed personal information for up to 1.3 million individuals, including current and former faculty, students, staff, and student applicants. The Institute’s cybersecurity team is working to determine the extent of the access and to identify the affected individuals.

The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.

Georgia Tech learned of the illegal access in late March and immediately took action to address the vulnerability. The Institute is committed to the privacy and security of its personal data and deeply regrets the potential impact on those affected.

The U.S. Department of Education and University System of Georgia (USG) have been notified. The Institute and USG hope to have more information soon, including how to determine who has been affected and next steps.

We continue to investigate the extent of the data exposure and will share more information as it becomes available. We apologize for the potential impact on the individuals affected and our larger community. We are reviewing our security practices and protocols and will make every effort to ensure that this does not happen again.