Editorial: Data thieves hit schools

Friday, Aug. 4, 2006 | 7:21 a.m.

An increasing number of computer system security breaches at colleges and universities suggests that institutions of higher learning need to do some homework on preventing data theft.

According to USA Today, the personal information of more than 2.8 million people may have been compromised by computer-related breaches that have happened since January 2005. USA Today found that of the 109 incidents reported at 76 colleges during that period, some 70 percent were the result of hackers who gained unauthorized access to the schools' computer databases.

Two California State Univeristy-Northridge students hacked into a professor's computer system in order to change grades, USA Today reports. In another case, a hacker helped 100 Harvard Business School applicants gain early access to acceptance information. And a Netherlands teen was found to have hacked into the computer files of Virginia's George Mason University.

About 12 percent of security glitches resulted from information posted online. For example, the names and Social Security numbers for 9,100 Montclair (N.J.) State University undergraduates lingered on the school's Web site for four months until discovered by a student.

The number and frequency with which USA Today found these reports show that colleges and universities need to be more savvy and serious about protecting their information.

Some institutions have stopped using Social Security numbers as their students' identification numbers, the newspaper reports. Others are issuing special electronic credentials and encryption techniques.

While it is challenging for institutions to keep up with the ever-increasing skill of professional hackers, some experts told USA Today that colleges and universities also have not made computer security a high enough priority. A recent study of the Web sites of 236 top-ranked schools found that barely a quarter had easily accessible policies regarding the collection and use of personal information. All of the sites had at least one data-collection form on a nonsecure page.

Colleges and universities have access to huge volumes of personal financial and identification data. Some even store personal medical information.

In an increasingly electronic age, these institutions must place a higher priority on preventing outsiders from breaching their databases and must invest the time and money needed to improve security.