USDOE Alert: Security Breach at 62 Colleges Using the Ellucian Banner Tech/Data System
On July 17, 2019, the US Department of Education (USDOE) Office of Federal Student Aid posted the following security breach announcement “regarding the active and ongoing exploitation of a previously identified vulnerability in the Ellucian Banner (Banner) system.
First, to the heart of the matter:
The Department has identified 62 colleges or universities that have been affected by exploitation of this vulnerability. We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation.Victimized institutions have indicated that the attackers exploit the vulnerability and then leverage scripts in the admissions or enrollment section of the affected Banner system to create multiple student accounts. It has been reported that at least 600 fake or fraudulent student accounts were created within a 24-hour period, with the activity continuing over multiple days resulting in the creation of thousands of fake student accounts. Some of these accounts appear to be leveraged almost immediately for criminal activity.
And now, the entire USDOE announcement:
Posted Date: July 17, 2019Author: Federal Student AidSubject: TECHNOLOGY SECURITY ALERT – Exploitation of Ellucian Banner System VulnerabilityThe U.S. Department of Education (Department) has obtained information regarding the active and ongoing exploitation of a CONTINUE READING: USDOE Alert: Security Breach at 62 Colleges Using the Ellucian Banner Tech/Data System | deutsch29
