Reuters reports that a hacker used a legitimate password to break into an Air Force database and acquire personal information on 33,000 personnel, about half the Air Force's officers. No financial or military information was located in this particular database.
"We're not sure what the person was doing inside the system, if they was just being curious and going through all these records or what, but nobody's information has been used in an illegal way that we know of so far," Master Sgt. Randy Mitchell said.
Meanwhile, the Identity Theft Resource Center reports that nearly half the identity theft-related breaches have been at colleges and universities, most notably at the state-run University of California. Anthony Wood, director of academic computing at the University of California, San Diego, told Reuters:
"Because we're so big we're kind of decentralized. Academic freedom (tends) to have people doing things on their own. And because we have so many (Internet) addresses, we're more visible."
Wood said the school has gone beyond hardening its network to educating users on the dangers of keeping unencrypted files containing sensitive data on their computers and the vital need to maintain security patches.
The costs of doing little can be high. Rodney Petersen of Educause, a nonprofit group focused on the use of information technology in higher education, says breaches involving more than 50,000 people entail between $300,000 to $500,000 in notification and investigation costs.