Kent State University recently addressed a security incident involving Keffer Development Services, a vendor managing the Athletic Trainer Services (ATS) platform used by the university’s athletics department. Keffer discovered that an unauthorized party had accessed an administrative account for ATS, potentially compromising personal information stored within the system. This breach was identified around December 14, 2023, when Keffer provided details about the affected data.
The compromised information includes personal details such as names, dates of birth, athletic treatment histories, and COVID-19 statuses, including vaccination records. Keffer reported that the breach occurred through a brute-force hacking method, and although Kent State University’s own systems and networks were not affected, the university’s data was involved.
In response, Kent State University has taken immediate action to mitigate the impact of the breach. An incident response team, including cybersecurity professionals, was assembled to assess the situation and strengthen security measures. The university is now requiring enhanced security controls from Keffer and has implemented stricter password requirements for employees using the ATS platform.
Additionally, Keffer has committed to bolstering its account security measures and is working with law enforcement to identify and hold accountable the perpetrator. Kent State University remains focused on protecting the privacy and security of its data and is actively cooperating with all involved parties to address and resolve the incident.
Reference: