August could be a bad month for data security in higher education

Universities recently reported a deluge of cyber attacks from China.

The return of college students to campuses next month could mark a data-stealing bonanza for hackers as unprotected personal information moves back and forth between institutions and their students.

More than half of colleges and universities transmit various kinds of sensitive information – including financial details – over unencrypted channels, according to a survey conducted by HALOCK Security Labs, a security firm based in Illinois.

One-fourth of the 162 institutions included in HALOCK’s survey said they advised students and parents to send personal information – including W2 documents – via eMail.

The questionable data security practices of so many colleges and universities could prove particularly problematic in the weeks before fall 2013 courses begin, as students and parents submit sensitive information for a variety of reasons, including to secure financial aid before the semester kicks off.

“When universities utilize unencrypted email as a method for submitting W2s and other sensitive documents, the information and attachments are transmitted as cleartext over the internet,” said Terry Kurzynski, partner at HALOCK Security Labs. “This format is susceptible to hackers and criminals who can use this private information for identity theft.”

Kurzynski suggested that beyond simple negligence, risky data transmissions from colleges and universities could draw the interested of government officials and agencies.

“These are foreseeable risks that are extremely treatable,” he said. “Breaches resulting from this type of transmission will capture the attention of the states’ attorneys general and the Federal Trade Commission.”

See the next page for a list of reasons for data breaches in higher education…