- Статьи
- Internet and technology
- Database of submissions: leaks of personal information from universities increased by 36%
Database of submissions: leaks of personal information from universities increased by 36%
In the first six months of 2025, the number of personal information leaks in Russian universities increased by 36% compared to the same period a year earlier, according to the information security system integrator Informzashita. The largest number of such leaks in universities is recorded not in the middle of the year, but on the eve of the new study season. What is the reason for the growth of fraudulent schemes, what tricks are used most often and how to protect yourself — in the Izvestia article.
Demand for data
Cybercriminals hunting for personal information have shifted their attention to higher education institutions, said Elman Mehdiyev, head of the Financial Literacy Development Association, in an interview with Izvestia. The attackers extract student and staff data from university databases, and then resell these arrays to fraudsters for use in illegal schemes. According to him, it was universities that turned out to be a new target after a number of attacks on other structures.
"Since social engineering methods work well during periods when there is no active interaction between students and universities, it is during these periods that the demand for such data increases, which means that the number of such attacks is growing," the expert noted. "Protecting data and infrastructure requires significant investments in both the IT infrastructure itself and both processes and procedures for the use of data stored in their "perimeter". This is another reason that we are still learning about such leaks.
The increase in the number of fraudulent schemes around universities is the result of two processes, Sergey Katyrin, President of the Chamber of Commerce and Industry of the Russian Federation, told Izvestia.
— On the one hand, there is a rapid growth in the digitalization of the educational environment: today, about 80-90% of admissions services have already been transferred online. On the other hand, the personal data of students and applicants is becoming "digital gold": it is not only passport information, but also exam results, contacts, information about parents, he recalled.
According to him, it is precisely during the influx of applicants, when tens of thousands of applications and documents accumulate in online systems, that intruders are particularly active. During such periods, they resort to proven methods: they create fake versions of university websites, send mass emails demanding to confirm personal information or send missing files, and make phone calls posing as members of admissions committees. In addition, tricks are often used to offer fictitious services, such as paid "accelerated enrollment" or even access to non—existent "scholarships for a fee."
— In order to minimize risks, it is necessary to act on two levels. Students and their families should remember that universities never request passport data or transfers through third-party links. And universities themselves should invest in cyber defense, test their systems for vulnerabilities, and promptly inform applicants about real communication channels," Sergey Katyrin is convinced. –– Trust in digital education services is not only a matter of convenience, but also the reputational sustainability of the entire sector.
Psychological pressure
Timur Sadykov, head of the Laboratory of Artificial Intelligence, Neurotechnology and Business Analytics at Plekhanov Russian University of Economics, noted in a conversation with Izvestia that admission to the university is becoming a turning point for many. At this stage, a person is faced with a sharp expansion of the circle of acquaintances, a lot of new responsibilities and the need to make decisions on their own in a short time. According to him, such changes can temporarily unsettle even the most reasonable and cautious students.
— Phone scammers systematically attack university students (as well as their employees), seeing them as potential victims. First of all, newly minted first-year students are at risk, not all of whom have managed to navigate the whirlwind of new cases. As a rule, the attackers present themselves as university staff and require the transfer of personal data, SMS codes, and in some relatively rare cases, money transfers under one pretext or another," he believes.
To increase credibility, attackers often resort to forged documents, as well as short videos, both real and created using neural networks, the expert explained. In some cases, for the sake of influencing a single person, criminals build a whole virtual performance with complex dramaturgy. At the same time, leading Russian universities ensure reliable protection of databases with personal data of students and teachers. However, scammers often find ways to future victims through open sources, primarily social networks, which they have long turned into a well-established and widespread tool for parsing.
— Students and staff should rely on official communication channels (corporate mail, student's personal account, etc.) when communicating with the university, they are well protected and rarely find themselves at the disposal of criminals. We should be extremely skeptical about any requirements for providing data received on behalf of university staff through messengers, private email addresses and from unknown phone numbers," he stressed.
Timur Sadykov noted that it is almost always about fraudulent attempts, and the only sure way to protect yourself will be to independently verify information through the official channels of the university. The student or staff member must personally initiate an appeal to the representatives of the university, using only proven communication methods. As the best solution for first-year students, the expert advised visiting the dean's office and personally getting to know the curators, who will be able to provide explanations and answer any questions that arise.
If an applicant or student is faced with a situation where their personal data has fallen into the hands of fraudsters, it is important to act as quickly and consistently as possible in order to minimize possible consequences. First of all, it is necessary to fix the leak itself. To do this, you should save all suspicious emails, messages, calls, or screenshots from messengers and social networks. These materials may be useful when contacting official authorities. Then you need to contact the administration of the educational institution, explain the situation and clarify whether the information could have fallen into the wrong hands through the university's internal systems. The Dean's office's specialists or responsible staff can give instructions on how to secure further use of the data and where exactly to send the application.
Izvestia sent a request to the Ministry of Finance, but no response had been received at the time of publication.
Переведено сервисом «Яндекс Переводчик»
