US: Hackers hit universities' database 'jackpots'

Sarah King Head 12 December 2010

Since 2008, 158 data breaches have compromised more than 2.3 million records at American higher education institutions, according to a recent report by Application Security, Inc, a US database safety company.

Identity theft has become the US' largest consumer complaint, according to the Federal Trade Commission (FTC), with nearly a million new victims each year. The problem has been exacerbated - and the illicit rewards made greater - by cyber criminals successfully hacking into the databases of semi-autonomous tertiary educational institutions.

"When an attacker gets access to university databases, it's like hitting the jackpot," says Josh Shaul, the New York-based Application Security's vice-president of product management.

One of the problems Shaul sees is that college databases contain such an extensive range of personally identifiable information (PII), from key financial information to "credit card numbers, social security numbers, and the healthcare records of employees, students, parents and alumni".

For larger institutions, with tens of thousands of students along with staff and faculty, "a university or college could be housing potentially billions of PII"," says Shaul.

The recent data breach at the University of Central Missouri is one example where large amounts of data were successfully captured.

According to the Identity Theft Resource Center (ITRC) in San Diego, California, two students there generated a virus to gain remote access to data associated with more than 90,000 faculty, staff, alumni and students through university computer labs and the library.

They credited their own student accounts and changed their grades during the 2009 autumn term before being stopped in their tracks while attempting to sell the information to an undercover FBI agent for $35,000.

Similarly, in August a laptop containing the social security numbers of more than 10,000 applicants to the West Hartford campus of the University of Connecticut was stolen. Administrators have been conducting damage control ever since - contacting the compromised individuals and offering them credit-monitoring coverage for two years at the university's expense.

The $204 per compromised record that Poneman Institute estimates it costs to remedy a breach pales in significance to the damage caused to an institution's reputation.

And the instances of such breaches are alarmingly high: the ITRC estimates that at least 57 breaches - compromising the records of nearly 800,000 people - have been made at higher education institutions this year alone.

Although institutions are aware of the threat, attempts to secure databases have tended to be sporadic and are usually implemented once the initial - and most insidious - breach has been made.

Acting proactively, even in small increments, however, can be all it takes to secure databases and avoid potentially disastrous breaches, says Shaul.

"One of the first and easiest steps is to ensure that the database systems have complex passwords in place and that default account logins and blank passwords have been replaced."

Although it has been suggested that the recent economic downturn has been responsible for the acceleration of this problem, Shaul notes, "the truth is that a significant uptick in data breaches started in 2005 when the economy was booming".

Students are also the targets of identity theft by various means, and most notably through their financial naivety and clean credit ratings. The FTC reports that 31% - nearly one-third - of all the identity theft victims in 2009 were under the age of 29 years.

Receive UWN's free weekly e-newsletters

Sponsored Article

Getting to net zero, one community at a time

University of Victoria staff

Accelerating Community Energy Transformation is a University of Victoria-led collaborative initiative that brings together over 40 partners, including Indigenous knowledge keepers and community leaders, to create innovative place-based solutions for energy system transformation.

Promoted by the University of Victoria.

Sponsored Article

Africa pays a premium for global climate change sluggishness

Stellenbosch University staff

Africa needs to stop paying the price for the rest of the world’s recalcitrance to act fast enough in response to the irrefutable conclusions that climate change is real and that the impact of global warming could be devasting, says Professor Guy Midgley, interim director of the School for Climate Studies at Stellenbosch University, South Africa.

Promoted by Stellenbosch University.

Sponsored Article

Innovations to ensure energy savings in a hot, arid climate

UAE University staff

Researchers from the United Arab Emirates University have shown that the potential benefits of building energy savings and a cooler indoor environment, as well as improved cooling effect on air temperature at pedestrian level, strongly indicate that a cool roof with high solar reflectance and albedo is a promising strategy for buildings in regions with hot, arid climates.

Promoted by United Arab Emirates University.

Sponsored Article

A new global university ranking with an ethical mission

Aftab Dean

A new university ranking system aims to serve as a catalyst for positive transformation in higher education, ensuring that universities create an environment grounded in integrity and sustainability that inspires and supports students and staff in the development of novel solutions to global challenges.

Promoted by Globethics.net.

Sponsored Article

SDG progress report launches university into new territory

University of Pretoria staff

In the publication of its first progress report on its contribution to the Sustainable Development Goals, the University of Pretoria is navigating new territory at the same time as it is acknowledging its clear stewardship role in protecting the environment and biodiversity.

Promoted by the University of Pretoria.