Dates of birth, home addresses, phone numbers, grade point averages, and other personal information of 160,000 Metropolitan State University (Minnesota) students have been exposed in a data breach after a hacker broke into the database.

The data dates back 18 or 19 years and covers current and former students, as well as people who contacted the school but never enrolled.

The breach was first disclosed in January and the investigation concluded this week, finding that 11,000 students also had parts of their Social Security numbers leaked.

There is no evidence yet that this personal information has been misused, but the compromise has highlighted Metropolitan’s lack of effective cybersecurity procedures.

This week Auburn University (Alabama) announced a breach affecting 370,000 Social Security numbers of students and other people who had applied to the university.

Universities deal with large and complex networks and systems, so implementing effective security controls is a massive undertaking.

ISO 27001, the information security management system standard, simplifies the requirements of diverse laws and regulations (e.g. FERPA, HIPAA, PII, PCI) into a single management system. This streamlines much of the work of adhering to complex requirements that often overlap significantly.

For universities looking to secure their systems with an internationally recognized standard, there are a number of ISO 27001 fixed-price packaged solutions that offer different degrees of tools, resources, and support depending on your organization’s needs.