The University of Kentucky said it discovered a security breach of one of its test-taking platforms during a scheduled security penetration test carried out by a third party in early June.
The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed in the early 2000s part of an education program called Open-source Tools for Instructional Support (OTIS).
The test uncovered a vulnerability in the DDL platform, which when the university investigated further it discovered that it had been exploited earlier in the year.
“The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals,” the university said in a press release.
