Companies and government agencies are not the only targets for hackers, they also attack colleges and universities. There have been other higher education institutions that have been attacked and have taken measures to try to prevent repeat attacks by hackers. There are processes, methodologies and technologies that can be purchased to reduce cybercrime threats. Laws have been put in place to protect universities, businesses, government agencies, and other facilities used to convict violators. Along with laws, government programs are in place that can complement security operations. When a crime has been committed, there are several tools that can be used to collect electronic evidence as evidence. The stolen personal documents date back to 1998 and affected students attending two campuses. The information stolen by the hackers included people's names, dates of birth, college identification numbers and Social Security numbers. The university sent notices via mail to everyone affected by the hack, it also sent emails to people who had emails along with the alumni databases. To ensure people were informed, the university also issued appeals to inform people. The university offered a free five-year subscription to Experian ProtectMyID and launched an investigation into the systems and formed a cybersecurity task force. The university contacted state and federal law enforcement agencies who investigated the incident and examined the breached files and records to see how the hackers could have gotten past the defenses. The university wanted everyone to be informed about data security and protection against identity theft and organized a series of seminars on these topics. The university wants to prevent future attacks and has taken preventive measures. According to Pottiger (2014), the university has invested a lot of resources and efforts in risk management and cybersecurity (Pottiger, 2014). The university has created a campus-wide IT risk. According to Lineberry (2007), the organization spends a significant amount of money in the information technology budget for cybersecurity with firewalls, vaults, locks, biometrics and more that can be breached by attackers chasing inexperienced people. and uninformed employees (Lineberry, 2007). Employees need to be trained in cybersecurity awareness. They should be familiar with the ways hackers will try to enter your network using viruses, spam emails to spread viruses, social networks and more. If your organization has an open Internet for employees to search the Internet, inform them what to look for when searching that could lead to a malicious site. For example, the title of the page might be what they are looking for but the web address linked to it might be completely different. Monthly newsletters on current trends in cybersecurity awareness could help keep employees informed, as there was an increase in social engineering attacks last month and are expected to be higher this month, they keep employees alert. Employees should also be informed about who the IT staff is and what they will not ask over the phone, such as password information. An annual refresher course would help via online training or training conference. The process should be implemented by management policies