Search This Blog

Saturday, July 07, 2007


Colleges and Universities are the most likely for data breaches, according to The NonProfit Times. I looked for confirmation of that on the Privacy Rights Clearinghouse Chronology of Data Breaches and not only found validation there have been 158 higher education breaches, but that three of them were prior to the ChoicePoint incident in February 2005. With the number of breaches between Jan. 1, 2005 and July 3, 2007 adding up to 615, the 158 by colleges and universities represents almost 26 percent of the total. And that doesn’t even include those happening in lower education. Some have had multiple incidents like the University of Colorado, Notre Dame, U. of San Diego, Purdue, Northwestern, U. of Texas, and Ohio State. All of these had three or more breaches; U. of Colorado seven, Purdue and U. of Texas five, Northwestern four. Just this past May of 2007, InfoWorld reported a data breach at the U. of Colorado that had resulted from an unpatched flaw in their Symantec anti-virus that exposed the Social Security numbers of 45,000 students. The patch had been issued by Symantec but the University had not applied it. Since this school’s first incident occurred in January of 2005, it is reasonable to hope that someone would have learned something about security in almost two and a half years. But the big one occurred at the U. of California-Los Angeles (UCLA), where hackers made off with the names, addresses, birth dates, and social Security numbers of 800,000 students, employees, and faculty. According to, not only was it the biggest, but it took over a year to discover the intrusion. Someone isn’t minding the store, and predictions are that the problem will only worsen. With 44 higher education breaches already in 2007—there were 58 in 2006—this should be a banner year for the ID thieves, as I have repeatedly predicted.

No comments: