The March Madness bracket feared by every campus IT official


“Not having one body that really is aware of all the security aspects of a college is a disadvantage for [higher education,” he said. “All [departments] aren’t complying with one set of policies that have been laid out.”

Hackers sometimes impersonate authorized users of a campus network, allowing access to digital treasure troves of Social Security numbers, birth dates, grades, and contact information, according to an Applications Security report.

Network attackers also have been known to manipulate logs and hide their illegal activity

However alarming, college data breaches since last spring have fallen to the lowest levels since data security has been tracked by websites like Privacy Rights Clearinghouse.

There were 480,000 student and employee records breached in higher education in 2011, less than one-fourth of the 2010 total of 1.7 million compromised records. 2005 had the highest total of campus records breached with 1.9 million.

No school from this year’s Data Breach Madness made the list of all-time information breaches. The record still belongs to the University of California Los Angeles (UCLA), which, in 2006, reported a breach that exposed 800,000 records. Ohio State University (OSU) had the second-worst data breach, with a 2010 incident that involved 750,000 students, faculty, alums, and campus employees.

Firewalls that protect the perimeter of a college’s database have become commonplace in higher education, Rothacker said, but investing in security technology that tracks any and all activity within a database filled with personal information isn’t used on many U.S. campuses.

“Activity monitoring is at a relatively young stage,” Rothacker said. “But I think colleges see that there’s major value in this because they’re getting much better at protecting their records.”