We End Violence, a third party vendor that provides online sexual assault prevention training to California State (Cal State) students notified Cal State that it experienced a vulnerability in its underlying code that exposed more than 79,000 students’ names, campus IDs, addresses, gender, race, ethnicity, age, relationship status and login credentials. No financial information was exposed, according to Cal State.
Both federal and California law requires the training, and this is one of the three vendors it uses to conduct the training for its students. The vendor is notifying the affected students.
Institutions of higher education are increasingly becoming targets and victims of cyber-hacking due to the extensive amount of personal data that they collect and maintain. This incident is another strong message to educational institutions to shore up security measures.