Checking Data Breach in Organization

Executive Summary

The California State University is a public university system in California. The university systems Composed has around 23 campuses and 8 off-campus centers enrolling 460,200 students with 24,405 faculty and 23,012 staff. The University system headquarter is located  at 401 Golden Shore in Long Beach, California 

The CSU has a total of 17 AACSB accredited graduate business schools and offers more than 1,800 degree programs in some 240 subject areas. The university hosts international students around 10% of its total strength, so the scope of the university is not limited to USA but across 50+ countries of the world.

Target Organization: California State University, Los Angeles

CSU,LA host its web application services under the domain name of www.calstatela.edu [Exhibit 1]. The University. It hosts its application on below two servers [Exhibit 2]:

 ns1.calstatela.edu.        172023        IN        A        130.182.1.1

ns2.calstatela.edu.        172023        IN        A        130.182.1.11

The university uses Microsoft Office 365 as Email Service Provider for internal and external communication network. [Exhibit 3]. The university hosts its DNS and MX Servers in Long Beach, California along with its corporate office. [Exhibit 4].

Data Breach at CSU, LA: Information such as passwords used to log into the class, as well as sign-in names, campus-issued email addresses, gender, race, relationship status and sexual identity were exposed. Personally identifying information such as Social Security, credit card and driver's license numbers was not compromised. The student information was exposed by a third-party vendor (hired to provide Web-based sexual assault and prevention training). About 488 students were affected by the data breach according to official reports of the university. [Exhibit 5].

Sensitive Information open to vulnerability: Though CSU, LA had a major data breach in September last year that impacted around 80,000 students across 8 campuses, but the organization still has some open directories or documents that can be accessed through Google search hack strings. Employing the techniques discussed in lab, the results started to appear.

The university’s properiraty student projects that are supposed to be under security do not the condition of confidentiality.  [Exhibit 7] shows the student’s name along with their project reports. The university IT department is unaware of the situation that this data is accessible to network intruders.