Data breaches slam campuses this summer
Colleges and universities nationwide have seen student and faculty information compromised by hackers, botnets
It’s been a tough summer for college IT officials charged with defending campus servers from hackers who target databases brimming with students’ and faculty’s personal information.
At least three universities—the University of Maine, Penn State University, and Florida International University—reported data breaches in June that compromised Social Security numbers, academic and financial records, and other information for about 40,000 students and faculty across the three institutions.
These universities and others that have scrambled to alert faculty and students of data crimes in recent years are not alone, according to research from the Identity Theft Resource Center, a San Diego-based nonprofit organization.
The number of reported data breaches in schools and colleges increased from 111 in 2007 to 131 in 2008, according to a 2009 report released by the center. Data-security crimes jumped by 47 percent overall between 2007 and 2008, according to the research.
The University of Maine announced June 29 that officials were investigating a data breach that started when two campus servers containing the university’s “student databases” had been compromised by hackers. The breach potentially exposed the personal information of 4,585 people who used the university’s counseling center services between August 2002 and June, according to the school’s announcement.
“This is an insidious crime, all too common in our society in general and universities in particular,” University of Maine President Robert A. Kennedy said in a statement. He added that the school would “take this matter seriously, and we are aggressively pursuing the criminal investigation while working diligently to provide identity theft protection services to those who may have been affected.”
The university launched a web site late last month dedicated to keeping Maine students and faculty apprised of updates on the security breach.
The site says that students and faculty affected by the data breach would receive “at least 12 months of identity protection at no cost” through a company called Debix Identity Protection Network. “Those services include credit monitoring, alerts regarding credit changes, and identity theft insurance,” according to the university’s site.
Florida International University joined the ranks of compromised campuses when officials said more than 19,000 students and faculty had their information exposed on an “unsecure database” identified in May. The school announced June 22 that the information “is now secure.”
The database, according to the university, was used “in connection” with the College of Education students’ eFolio software application, which captures information such as test scores, grades, and other “data elements.” Personal information for 88 faculty members also was exposed in the data breach, according to Florida International.
Penn State University sent letters to 15,806 people whose personal information—including Social Security numbers—was exposed when a computer in the campus’s Outreach Market Research and Data office was compromised by a “bot.” A group of bots, or “botnet,” as they’re known, is a network of compromised computers controlled by malicious software programs that exploit web browser vulnerabilities and a host of other security holes in a personal computer.