University of Delaware – In July 2013 the university experienced a cyberattack that compromised personal information of 74,000 individuals including current and former employees and others who received payment from the university. It was noted that the cyberattack took advantage of a weakness found in vendor-provided software. Affected victims were offered free credit monitoring.
Maricopa County Community College – In April 2013, 2.5 million students, alumni, employees and vendors had their names, addresses, phone numbers, email addresses, social security numbers, birth dates, financial and bank account information, academic information, and Federal Employer Identification numbers exposed on the Internet. The breach affected records dating back as far as 30 years. As of December 2014, $26 million was spent on defending a class action lawsuit, notifying and offering credit monitoring to affected individuals.
City College of San Francisco – In January 2012, malware was discovered on the college’s database which transferred 100,000 students and employee records overseas. The rogue software had been lurking in the system for over a decade.
These examples of data breaches highlight the varied ways in which information can be exposed or compromised. It is not simply attacks from hackers, but also internal employee mistakes and poor network security protocols.
Data collection and information sharing needs of the higher education sector has inherent network security challenges:
• Institutions must gather and store highly sensitive information of current and former students and their family members. This includes, but is not limited to, social security numbers, birth dates, financial aid records, credit cards, academic records, and medical information.
• Budgetary constraints force many schools to go without an official “IT Security Manager.” It is also common to have decentralized IT operations, creating dangerous inconsistencies in data security practices.
• Unprotected public wireless networks are often placed throughout a university campus, making them more vulnerable to hacking.