Universities rocked by data breaches

Ohio U., which has had 367,000 records compromised fires workers, reorganizes IT department.
Written by ZDNET Editors, Contributor

In what can only be called an epidemic of high-profile data security breaches, Ohio University has been hit five times since March 2005, leading to the breach of more than 300,000 student records. The latest theft reveals the precarious state of security at colleges, as institutions attempt to balance the need for security with the educational benefits of an open infrastructure, reports eSchool News.

Ohio University is the latest victim, investigating five cases of data theft since March 2005, in which 367,000 files containing personal information--including Social Security numbers, names, medical records, and home addresses--were exposed. The university has come under sharp criticism for making security a low priority for more than 10 years, though it had an annual budget averaging $11 million and annual surpluses averaging $1.4 million.

According to the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group in San Diego, universities nationwide have accounted for almost 50 percent of computer data theft.

"The reason is simple. Colleges have a tendency to use information, like Social Security numbers, for student IDs," said Jay Foley, executive director of the Identity Theft Resource Center, another San Diego nonprofit.

Ohio University recently announced plans to reorganize the university's IT department, and has fired two of its IT staffers. OU has also installed new protection software which showed that hackers from Eastern Europe, China, the United States, and elsewhere try to break in to OU's servers up to 10,000 times an hour, which is typical at unversities.

There have been other breaches at universities throughout the country. Personal information from the University of Delaware, and the University of Kentucky have been stolen and the affected parties notified. Other schools such as Kent State, Miami University, Colorado University, Boston College, George Mason University, the University of California at Berkeley, Cleveland State, and the Ohio State University Medical Center have reported similar break-ins this past year.

Editorial standards