“You’re only as strong as your weakest link.”
That’s a lesson that Harvard Business School leadership is digesting today (February 25) after the Harvard Crimson reported that the business school suffered a data breach in December 2020. The report is based on a February 10 email from Chris Pringle, who serves as HBS’ Information Security Officer and Managing Director of IT Compliance, to impacted students. Pringle noted that Social Security numbers had been accessed by one or more “unauthorized third parties,” and that several pieces of personal information may have been stolen, including “names, contact information, date of birth, course enrollments, and exam submissions.”
The number of impacted students has not been released by the school, the Crimson reported.
The news has drawn mixed reactions from students. One anonymous student told the Crimson that it was “a huge breach in trust between students and HBS.” Another anonymous student brushed it aside, saying he had “a lot of confidence” in how the administration was responding.
THIRD-PARTY VENDOR BLAMED
The Crimson reports that the student data was exposed from December 21-29 at a third-party software vendor. HBS launched an investigation upon being notified by the vendor on December 29.
Ron Chandler, HBS’ CIO, shared news of the breach to school affiliates on January 11.
The school has since discontinued using the vulnerable software, Brian Kenny, a school spokesperson, told the Crimson. Kenny added that the vendor notified the school on January 20 that additional data may have been compromised from a different weak point in the software.
FREE CREDIT MONITORING FOR IMPACTED STUDENTS
HBS is currently working with federal and local law enforcement on the matter, Kenny added, telling the Crimson that the school is developing plans to protect students against identity theft.
HBS also will provide 24 months of free credit monitoring services to students impacted by the breach, Kenny said.
This incident is not unique for a top B-school. In 2017, Stanford Graduate School of Business suffered a major data breach that involved Social Security numbers, salaries, and birth dates for nearly 10,000 non-teaching staff at at the school. The data in that case was exposed for six months before the breach was detected.
DON’T MISS: MEET HARVARD BUSINESS SCHOOL’S MBA CLASS OF 2022