Earlier this month, the FBI began to look into startling allegations from over 700 students who are currently attending or have attended California State University, San Marcos who claim their identities were stolen from computers at the university. Did they have a password manager in place? All signs are pointing to a big fat no.
The North County Times reported that the investigation was ignited after it was rumored that a man attempting to be appointed as the student body president at the school of higher learning could have planted devices that would allow him to steal student computer IDs and passwords. And after arresting third-year business student Matt Weaver due to election fraud and identity theft, he was subsequently not even charged with a crime. However recently, the FBI stated it was still looking into the situation.
“We are looking into it," said FBI Special Agent Darrel Foxworth in a statement. "I can't say exactly what we are looking at, but given the facts and circumstances that have been reported to us, it appears there may be violations of federal laws."
Basically the way this cyber attack took place is when students casted their votes by computer, their IDs were then stored and utilized to change the winner of the election. Each student that attends this university with around 10,200 students currently, when first enrolled receives a user ID and password to sign into a school account, which they can leverage to register for or drop classes, as well as to vote in various school elections.
University spokeswoman, Cathy Baur, said the campus "has never before had a situation where a student or students have taken log-in or password IDs from students they did not know." She added that is the largest identity theft case –and the only one that has taken place at the school since it opened its doors way back in 1989.
The university responded to the cyber threat by locking down 700 compromised accounts, making students aware of what had taken place and letting them revote for their desired electoral candidate.
Would these students still have been targets if the university implemented a password manager such as SplashID Enterprise, a solution that fully supports Windows and Mac OS clients, new mobile apps and a Web-based applications that allows users to access usernames, passwords and other critical records while providing management and access control features to ensure IT security compliance? Again, all signs point to a big fat no, which is sad because this frustration could have simply been avoided by quickly alleviating the most immediate password concerns of IT.
Edited by Amanda Ciccatelli