In a hack attack that reflects a worrisome trend in the education arena, Fairfield, Conn.-based Sacred Heart University in early May discovered that the security system on one of its computers containing students’ personal data was breached. The university has not confirmed that sensitive files were actually accessed, but said the intruder did have the expertise to access them.
“While the University maintains a state-of-the-art computer security system and employs a highly qualified outside computer security firm, it is impossible to be 100 percent secure from illicit intrusion into confidential, personal and financial information,” the university said in a statement.
A Hacking Epidemic
Sacred Heart is hardly the only educational institution to face a hack attack in recent months. Ohio University in May also reported its servers had been compromised in a series of break-ins that put personal data of more than 300,000 people at risk. About 60,000 students fell victim to the attack.
In March, a Georgetown University network server holding data on 40,000 Washington, D.C., residents was hacked, leaving their names, addresses and Social Security numbers accessible to identity thieves.
In fact, since February 2005, over 50 million people have had their personal information potentially exposed by unauthorized access to the computer systems of companies and institutions, according to The Privacy Rights Clearinghouse, and 50 percent of all reported security breaches since that time have occurred at colleges and universities.
“Universities have been a target of attackers for well over a decade, because there is a wealth of information there that is useful for exploitation. There are young students there who have credit cards, Social Security numbers, bank accounts and other types of online assets that are valuable to criminals,” Ken Dunham, senior engineer at threat intelligence firm iDefense, told TechNewsWorld.
While corporations may have large security budgets and IT staff, universities often do not enjoy the same level of resources to safeguard information. Universities are typically understaffed, and their IT employees often are undertrained to deal with computer security, Dunham noted. These educational IT gurus may be ale to deal with standard system administration, but the challenge is to move beyond mere functionality into security.
“Unlike a corporation, universities have unique challenges that are extremely difficult to manage. They often have a very large number of users and support a wide range of computers,” said Dunham. “It’s very different from a small business that wants to adopt a bunch of Microsoft computers and call it good. These guys might have to support Apples and PCs and have them talk to each other. It makes it increasingly complex.”
Paying Closer Attention
Colleges are finally taking notice. For its part, Sacred Heart is conducting a full review of the incident and its computer security policies and procedures with the help of outside agencies.
Moreover, colleges identified security as the most critical issue facing their computer systems for the first time in seven years, according to a survey of about 600 colleges released this month by Educause, a nonprofit group that promotes information technology use. In a 2000 survey, security wasn’t even among the top five concerns.