The University of Delaware (UD) was among the schools victimized in a deluge of higher education data security breaches this summer.
Many colleges don’t use encrypted eMail to send sensitive information.
Other Delaware schools are now taking precautions in the aftermath of a hack that exposed personal information for more than 72,000 current and former employees.
UD’s early-August security breach was due to a third-party software the school had been using, Karl Hassler, associate director of IT Network Systems and Services at UD, said in an interview with Newsworks.
The university, in the days after the breach was discovered, worked closely with Delaware Attorney General Beau Biden’s office and the FBI, according to the Newsworks report.
Other Delaware colleges have taken steps to avoid major data breaches as students return to campus and classes start in the coming days and weeks.
“That security begins with physically securing our data network through the use of firewalls and physically isolating the student network from the production network,” said Jody Sweeney, chief technology officer at Wesley College in Dover. “It also means ensuring that no hardware or software allows for any access to personal data of our employees or students across that divide.”
More than half of colleges and universities transmit various kinds of sensitive data – including financial details – over unencrypted channels, according to a survey conducted by HALOCK Security Labs, a security firm based in Illinois.
“When universities utilize unencrypted email as a method for submitting W2s and other sensitive documents, the information and attachments are transmitted as cleartext over the internet,” said Terry Kurzynski, partner at HALOCK Security Labs. “This format is susceptible to hackers and criminals who can use this private information for identity theft.”
Higher education officials said no matter how far schools go to prevent hacks that expose vital information, security breaches have proven difficult to avoid in recent years.
“Just as the cyber breach that took place at the University of Delaware demonstrates, there are no absolutes when it comes to preventing criminal database intrusion,” said Delaware State University spokesman Carlos Holmes.