Saturday, 15 August 2009

The University Data Breach Blues

This week brought news of another successful breach at UC Berkeley, in which almost 500 records of applicants were stolen by hackers. This is the second such reported hack at UC Berkeley in less than five months, with the earlier hack exposing 160,000 records. These two attacks point to the attraction that universities hold for hackers. Every university requires personal data as part of the application process, and hackers know that these locations guarantee some amount of valuable data. Unlike financial services companies or many retailers, universities lack the most sophisticated data protection measures. They also do not have compliance standards for data housing, making them uniquely attractive to hackers.

The Open Security Foundation, a nonprofit that tracks data breaches, estimates that more than 11 million records stored at US colleges and universities have been compromised. Often, these breaches are not discovered until well after the data is lost. UC Berkeley, for example, found out about the current breach from an alleged hacker’s website.

We have entered a world in which personal data is always at risk from hackers who will grab and sell it for profit. Retailers and financial institutions have felt the pain of protecting data in this environment, and they have the latest technology as well as compliance measures for protection. What will universities do, since they do not have the same financial resources?

The answer could come in part from compliance guidelines, with government and the private sector working together to suggest best practices and protection measures. Doing so should allow graduates to enter the post-university world with their data -- and credit reports -- uncompromised.