Georgia Tech said Wednesday the origins of the data breach that potentially impacted an estimated 1.3 million current and former students and employees has been traced back to as early as December.
The world-renowned school, which offers computer science degrees, has said, though, it didn’t discover the breach until March 21. Tech disclosed the breach Tuesday.
“We have determined that an outside party leveraged a vulnerability in a web application,” Georgia Tech said in a weblink listing frequently asked questions about the breach.
A Georgia Tech spokeswoman said Wednesday the school has not determined who committed the breach. The school is currently not granting interview requests.
Georgia Tech offered some details Wednesday through the weblink about how they discovered the breach. Application developers noticed “a significant performance impact” in one of its web applications and began an investigation. During this investigation, they determined the performance issue was the result of a breach.
The exposed information may include names, addresses, Social Security numbers and birthdates, officials said. The school is coordinating with credit monitoring agencies to determine what protections will be offered.
Georgia Tech said the vulnerable web application has been patched, and it’s checking for any additional online vulnerabilities.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.