University of South Carolina notifies 34,000 of computer records hack

The university has had six security breaches since 2006.

The University of South Carolina has started notifying 34,000 people with ties to its College of Education that their personal information might have been accessed in a computer intrusion discovered nearly three months ago.

The data-security breach is the largest of six that USC has reported since 2006. Almost 81,000 records belonging to USC students and employees have been exposed during the past six years.

“That’s a dreadful track record,” said Beth Given, director of the Privacy Rights Clearinghouse, a San Diego, Calif.-based consumer rights group that tracks breaches.…Read More

Experts: University of Nebraska cyber attack was unsophisticated

There have been more than 30 security breaches in higher education this year.

The hacking of information on more than 650,000 University of Nebraska (UN) students, alumni, parents, and employees—which ranks among higher education’s largest data breaches—had the markings of an amateur job.

The university announced last week that the school’s student information system was hacked, possibly revealing the Social Security numbers, financial aid data, birth dates, course grades, and home addresses of University of Nebraska-Lincoln, the University of Nebraska at Omaha, the University of Nebraska Kearney, the University of Nebraska Medical Center and the Nebraska College of Technical Agriculture stakeholders dating back to 1985.

UN officials said the centralized information system was exposed for hours before an IT staffer discovered the breach. Since then, UN police have seized computers and electronic equipment from an undergraduate student who might be connected to the data breach.…Read More

The March Madness bracket feared by every campus IT official

UCLA still has the worst campus data breach ever recorded.

March Madness has yet to tip off, and Virginia Commonwealth University (VCU) has already won a championship. This run through the NCAA Tournament brackets, however, won’t end with campus celebrations, especially in VCU’s IT department.

VCU, a 32,000-student campus in Richmond, Va., that came up one game short of the 2011 NCAA Tournament championship game in its improbable path to the Final Four last spring took home a less glamorous prize March 12, when the university was named the winner of the 2012 Higher Education Data Breach Madness tournament.

Application Security, a database security company based in New York, released a bracket filled with colleges and universities that reported the worst database breaches from the previous year. All 48 higher-education data incidents were mentioned in the bracket, and 16 schools were given bye-rounds.…Read More

Google search change leads to major higher-ed security breach

IT experts say campuses should more quickly adjust to Google search changes.

A modification in the way Google searches the web exposed the Social Security numbers of 43,000 people affiliated with Yale University, highlighting another data storage vulnerability that could vex campus IT leaders and prompting questions from technologists who are skeptical of colleges’ commitment to securing sensitive information.

The Yale breach is the latest high-profile data security incident in higher education—one that originated in September 2010, when Google announced its searches would include file transfer protocol (FTP) servers, which previously had been off-limits to general internet queries.

Read more about data breaches in higher education……Read More

The Final Four no college wants to make

There have been 2.3 million records breached at colleges since 2008.

There’s a March Madness bracket out there that might cause nightmares for campus technologists everywhere. It ranks higher education’s worst security breaches, and a related report says things probably will get worse.

So while fans from VCU, Butler, Kentucky, and U-Conn celebrate a shot at the national title this weekend, IT officials from Ohio State University (OSU), Georgia’s Valdosta State University, Buena Vista University in Iowa, and the University of North Florida will see their school’s security blunders recognized as the worst in higher education in 2010.

On the strength of an October database breach that exposed personal information of 750,000 students, faculty, and alums, OSU won the 2010 Higher Education Data Breach Madness.…Read More

The top 10 higher-ed tech stories of 2010: No. 7

College IT departments have struggled to keep hackers out of campus networks.

In October, higher education saw one of its largest data security breaches ever, as the Social Security numbers, dates of birth, and other personal information for about 760,000 current and former Ohio State University students were accessed by unauthorized network users. The Ohio State incident followed other security breaches at schools such as the University of Maine, Penn State University, and Florida International University in the past year—although it was a breach at the University of Hawaii (UH) that might be the most damaging of all.

That’s because a former UH student filed a class-action lawsuit against the school Nov. 18 in what is believed to be the first such case of its kind. If the lawsuit succeeds, or if UH settles, it could change how colleges and universities handle sensitive information going forward, some experts say.

Many colleges and universities already are paying more attention to how personal student information is stored and used, and the lawsuit now facing UH could cause more schools to examine their own practices, said Timothy Kaye, a law professor at Stetson University College of Law. Kaye added: “I think that a lot of these things should be rethought.”…Read More

Ohio State reports massive network security breach

OSU hired computer forensic experts to investigate the school's security breach.

Social Security numbers, dates of birth, and other personal information for about 760,000 current and former Ohio State University (OSU) students were accessed by unauthorized network users in October, although campus IT staff haven’t found evidence that any information was taken, according to an OSU statement.

The university went public with news of the breach Dec. 15, promising to provide free credit protection services for anyone whose name, Social Security number, birth date, or address was listed on the server that was accessed without the campus’s consent.

More recent news about security breaches:…Read More

University faces lawsuit after security breach

Data breaches are prompting some universities to rethink their use of personal student information.

Data security breaches have plagued colleges and universities for years, and now a former student at the University of Hawaii (UH) has sued the school for negligence in a case that could change how colleges and universities handle data going forward, some experts say.

Philippe Gross, a former student, filed a class-action lawsuit against UH on Nov. 18, after news leaked that sensitive information—including the Social Security numbers of more than 40,000 former UH students—was posted online for almost a year before being removed in October. The lawsuit is believed to be the first of its kind.

“UH did not step up and offer credit monitoring, identity theft insurance, all the things they could’ve done to assist students and faculty,” Thomas Grande, Gross’s lawyer, told the Honolulu Star-Advertiser when the lawsuit was filed.…Read More

The best way to avoid data loss on campus

A misplace USB can be a nightmare of college IT officials.
Misplaced portable storage devices can be a nightmare for campus technology officials.

Misplaced USB drives or other portable storage devices account for several of the most recent security-breach instances in higher education. And campus technology chiefs have a simple solution for preventing such data loss from occurring, security experts say: Transport files on the web, where campus technology officials can track them.

Colleges and universities, like corporations and government agencies, see Social Security numbers, birth dates, account numbers, and other sensitive information stolen every year after an employee reports a portable storage device missing.

New York University’s Langone Medical Center reported in August that patient records, home addresses, and other information had been lost on a missing USB drive that contained diagnostic test results for about 250 patients. And at Rice University last month, more than 4,000 students and staff members had their Social Security numbers compromised when a portable storage device was reported stolen.…Read More