At least 25 major U.S. and Canadian colleges and universities including the University of California, Santa Cruz, Virginia Tech University, Aurora Higher Education Center, Cornell University, and MIT had their students' data compromised following a cyberattack against online ticketing platform AudienceView last month, according to The Record, a news site by cybersecurity firm Recorded Future.
University of California, Santa Cruz disclosed that it had been notified by AudienceView that the malware attack on the ticketing platform's Campus offering led to the exfiltration of users' credit card data, while Aurora Higher Education Center elaborated that the incident has exposed credit card numbers, CVV numbers, and expiration dates.
Several students at both Cornell and Ithaca College reported losing up to more than $1,000 as a result of the breach.
"All potentially impacted parties have been contacted and offered credit monitoring and identity protection services for 12 months, free of charge. A full investigation has been performed by third-party cybersecurity experts, Mandiant, and AudienceView has implemented additional security measures to further protect against similar incidents occurring in the future," said an AudienceView spokesperson.
Included in the exposed dataset labeled "PDL" were individuals' full names, email addresses, phone numbers, location data, professional summaries, and skills, as well as education and employment histories.
Attackers could leverage the issue — which impacts Nexus 3000, 7000, and 9000 series switches with vulnerable NX-OS versions with DHCPv6 activated and are in standalone NX-OS mode — to facilitate continuous crashes of the dhcp_snoop process and a denial-of-service condition.
Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program.