More than 14,000 records were hacked at Champlain College after a flash disk was taken from a computer lab.
Perhaps every month, not just January, should be Data Privacy Month in higher education.
Massive data losses have come at a furious pace in colleges and universities over the past year, with news of massive data breaches sometimes greeted with public ambivalence rarely seen even a few years ago.
It’s sometimes difficult to keep track of notable data losses on campuses of every size. It should be noted, however, that 2006 was the high water mark for campus-based data breaches. More than 2 million campus records were illegally accessed that year, according to the Privacy Rights Clearinghouse.
“Not having one body that really is aware of all the security aspects of a college is a disadvantage for [higher education],” said Alex Rothacker, director of research for Application Security. “All [departments] aren’t complying with one set of policies that have been laid out.”
Here’s a rundown of some of the worst data breaches in higher education over the past year, some of which were so massive that the exact number of people affected by the breaches remains unknown.
1) University of Southern California (USC) on June 29, 2012: Third-party university software designed to process credit card transactions across campus was illegally accessed, though names of credit card owners were not associated with the card numbers that were hacked. The precise number of credit card numbers involved remains unknown.
2) Kirkwood Community College on March 13, 2013: The Social Security Numbers of more than 125,000 applicants over an eight-year span were exposed in this massive hack of the community college’s website. The archived information did not include financial details from the applicants, however.
3) Virginia Commonwealth University (VCU) in November 2012: A massive data security breach led to the exposure of more than 176,000 student and employee records. Ten files on a VCU campus server that was hacked last fall included dates of birth, contact information, names, online identification numbers, Social Security numbers, and various programmatic and departmental information. VCU was the 21st campus to report a data breach involving more than 100,000 records since data incidents were first recorded in 2005.
4) Salem State University in February 2012: The university notified more than 25,000 current and former students and staffers that their private information may have been exposed after the school detected a virus on one of their computer drives in February.
5) Champlain College in June 2013: More than 14,000 personal files were exposed after a flash drive was found in a campus computer lab. The school’s post-breach statement read: “Once the drive was returned to the information systems department, the college launched an internal investigation, retained independent forensics experts and hired privacy and data security legal counsel to assist with the investigation of, and response to, this incident. … The college has no evidence of any attempted or actual misuse of the information stored on the device, but out of an abundance of caution notified those potentially impacted of steps they can take to monitor their identity, financial accounts, and credit, should they feel it is necessary to do so.”