Eastern Illinois University revealed on Friday that an admissions office server had been infected with malware which it believes enabled attackers to freely access the system. EIU can not determine whether or not files were accessed, but IT technicians fear that as many as 9,000 files containing personal information on current and former students, as well as applicants, may have been compromised.
These stories are so common that companies and individuals alike may become de-sensitized over time. However, the fact that these stories are so common doesn’t reduce the impact on the institutions and individuals affected, nor does it eliminate the obligation of entities entrusted with sensitive information to take the necessary steps to ensure it is protected at all times.
Details are sketchy at this point for this breach, but it seems that the server was lacking antimalware protection, or that the antimalware signatures were not up to date. Its also possible that the malware was new or unknown and simply slipped right past the antimalware defenses. That is why the data on the server should also be encrypted to guarantee that it cannot be compromised even if the server itself is breached.