Heimdal
article featured image

Contents:

After a data breach in 2021 exposed the personal information of nearly 200,000 people, the attorney general of New York requested a university to invest $3.5 million in cybersecurity.

The measure addresses the data security deficiencies that led to a ransomware attack in 2021. Marymount Manhattan College (MMC), a liberal arts college in New York City, and New York State Attorney General Letitia James announced the agreement on 21st of September.

When institutions like Marymount Manhattan College fail to properly protect online data, thousands of New Yorkers are put at risk as a result. In the modern digital age, companies and universities alike must do a better job at safeguarding the personal information with which they are entrusted.

Attorney General Letitia James’ Statement (Source)

Personal Information and Financial Data, Accessed

The investigation run by Attorney General James’ office revealed that in November 22021, threat actors breached a Microsoft Exchange server and gained access to personal information and financial data of 191,752 students, employees, and alumni.

The school paid a ransom to the group, which has not been identified. The investigation revealed deficiencies in its technical infrastructure and violations of New York laws, including inadequate data security and timely notice.

MMC did not admit or deny the investigation’s findings, but agreed to several actions including the $3.5 million investment. The school will create an information security program, train employees annually, encrypt sensitive data, and conduct penetration tests.

MMC Was Facing a Fine of $1 M

The institution faced a $1 million fine from New York state, but officials agreed to postpone the payment in exchange for a promise to invest in cybersecurity controls between 2023 and 2029. If the school fails to implement the agreed-upon measures, it will be fined $1 million plus interest.

As explained by The Record, Shein, Carnival Cruises, Wegmans, Sports Warehouse, a medical management company, EyeMed, OneMain Financial Group, a prominent law firm, and others have all been hit with hefty fines by James’ office and New York regulators for failing to adequately protect their customers’ personal information.

Securing the Educational Sector

A multi-layered cybersecurity approach is the best option for educational institutions looking to protect their data and avoid the consequences that a cyberattack might bring.

Many organizations turn to endpoint security solutions to protect devices such as computers, laptops, smartphones, servers, and IoTs. The purpose of endpoint security solutions is to prevent unauthorized access to these devices and the data they contain.

Heimdal’s endpoint security offering covers all the essential cybersecurity layers your organization needs, including a DNS security solution, a patch and asset management product, a next-generation antivirus, a ransomware encryption protection module, a privileged access management, and an application control tool.

Schedule a demo and see the difference!

Heimdal Official Logo
Simple standalone security solutions are no longer enough.
Is an innovative and enhanced multi-layered EDR security approach to organizational defense.
  • Next-gen Antivirus & Firewall which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Privileged Access Management and Application Control, all in one unified dashboard
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

If you want to learn more about cybersecurity in the educational system, read this article by my colleague Cristian: Shielding Learning: The Power of Cybersecurity in Education.

If you want to explore the best endpoint security options out there, check out this article: The 12 Best Endpoint Security Software Solutions and Tools [2023].

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE