An Education on University Data Breaches

Students, faculty and others at risk of having their information compromised within university/college networks.

By Wendy Bowman-Littler

LAGUNA BEACH, Calif., Oct. 12, 2012 (GLOBE NEWSWIRE) -- West Coast author Kim Greenblatt remembers his brush with a security breach at a major university well. After requesting a copy of his college transcripts through the website of a Midwestern university, he was surprised to find the transcripts that arrived at his home were someone else's. He notified the registrar at the California campus and had his correct records delivered directly to him, but he never received an answer about where—if anywhere—his first set of transcripts might have been sent.

"I felt surprised, scared and angry," says Greenblatt, who was worried that his name, address and social security number might have ended up in the wrong hands. "The process was done somewhat automatically and incorrectly. The fact that the person from the university couldn't confirm if anything else was wrong was just wrong. I drove my wife nuts for a while worrying about it, and perhaps I overreacted, but it just freaked me out."

The unintended disclosure of sensitive information—whether posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail—is just one type of education-related data breach prevalent within university networks today. 

Because university networks offer a plethora of data, they make a great intentional target for thieves, says Will Marling, executive director of the Virginia-based National Organization for Victims Assistance (NOVA), which provides victim and witness assistance programs for practitioners, criminal justice agencies, professionals, former victims and survivors.

"Students, faculty, staff, alumni, vendors and government agencies all are at risk of having their information compromised," Marling says. "This provides an opportunity for commission of crimes like theft of finances and medical care, fraudulent loans and a host of other violations."

A 2011 report conducted by Pleasonton, Calif.-based Javelin Strategy & Research shows that of the 250,000-plus individuals who were victims of identity theft in 2010, 24 percent of those were between the ages of 20 to 29. Another 8 percent were 19 years old or younger, meaning college-aged students account for as much as one-quarter of all identity theft victims. 

This could be due to their high profiles online, but also because universities are notorious for data breaches, Marling says. "I would suggest that part of the issue is that academic institutions are aggregates for a lot of personal data—not only of the current faculty, staff and student body, but also alumni—all of which is maintained and valuable.

"Hence, hackers like the potential rewards from a data breach, and because of so many who have legitimate access to such networks, that expands the potential points of compromise," he adds.

According to the San Diego-based consumer information and consumer advocacy nonprofit Privacy Rights Clearinghouse, 66 data breaches for educational institutions in the U.S. were publicly reported through the end of August 2012, compared with 63 for all of 2011. Among the most prevalent listed on the organization's 2012 "Chronology of Data Breaches" report include hacking or malware; skimming devices; intentional breaches by employees or contractors; and lost portable devices.

(C) Copyright 2012 GlobeNewswire, Inc. All rights reserved.