(follow-up) OH: Silence not broken nearly a year after security breach
The student paper at Ohio State University has continued to try to get answers to their questions about a breach at OSU last year that affected 760,000. You can read Ally Marotti’s recent update on The Lantern. The coverage paints an unflattering picture of the university in terms of transparency following the breach. Could the university really not have a detailed chronology or notes concerning steps it took after becoming aware of a breach? Despite a number of freedom of information requests, the campus paper is still having trouble getting answers to some questions, it seems.
The article also includes some figures on what the breach may have cost, in part:
After the breach, the university hired two computer security-consulting firms, Interhack Corp., based in Columbus, and Stroz Friedberg LLC, a New York-based firm.
According to an original estimate Lynch provided, OSU budgeted $200,000 and $22,000 for Stroz Friedberg and Interhack, respectively.
Additionally, $100,000 was budgeted for Vory’s, a legal consultant, and $50,000 for Adelman, a communications consultant.
For Experian, the incident notification consultant, OSU put aside $3.7 million, bringing the total estimated cost to $4.1 million. The university’s operating funds will go toward the costs, Lynch said.
The Lantern is still awaiting subsequent requests for the most recent estimates on how much the breach will cost OSU.
OSU hired Experian to provide year-long credit protection for those affected. OSU bought 500,000 activation codes from Experian, costing $3.19 each, for a total of nearly $1.6 million.