Higher Ed Data Breaches at Near-Record High in 2012

Nobody knows who will win the NCAA Men's Division Basketball Championship; the final game won't happen until April 6. But just as surely as bracket mania strikes the country this month in response to college basketball, so too does Application Security release the final rankings of this year's dubious roster of higher education "data breach madness" winners. These are colleges and universities that have experienced a notable data breach in 2012.

This year's declared winner is the University of Nebraska, which reported a breach of 654,000 records on May 25, 2012. Rounding out the data breach "Final Four" were the University of North Carolina (350,000), Arizona State University (300,000), and Northwest Florida State College (279,000). Three of those breaches also made the top 10 higher ed data breaches of all time.

To develop its rankings, the company used publicly reported data breaches compiled by Privacy Rights Clearinghouse. The bracket format reflects the number of personal records affected by each breach. The larger the breach, the further each institution advanced in the "tournament," until an eventual "champion" was crowned.

The results were released by TeamShatter, the company's research arm. Researchers there noted a "substantial uptick" in total records breached. In 2012, the count was nearly two million, a tally surpassed only in 2006, which had a reported 2.03 million records breached. (Tracking by Privacy Rights Clearinghouse began in 2005.)

The company cited a finding by Ponemon Institute, which researches the costs of data breaches. The average cost per compromised record in an education environment is $142, which puts the cost of the U Nebraska data breach at about $92 million, according to Application Security.

"When we look back at the higher education data breaches in 2012, we can see that the hackers are clearly getting smarter at stealing data," said Alex Rothacker, director of TeamShatter's security research. "The reported breaches remain on the low side, yet the stolen data is over three times what we saw in 2011."

In the case of U Nebraska, an undergraduate student there was charged with hacking into a protected computer system. According to the university, "this was a skilled attack on our system that was discovered and shut down within hours of its discovery."

The University of North Carolina at Charlotte suffered two breaches, one caused by a system misconfiguration and incorrect access settings, which resulted in data being accessible on the Internet, and the other in which files containing sensitive data were stored in a manner that left contents open to the Internet.

At Arizona State, an encrypted file containing user names and passwords was downloaded by an unauthorized person. And at Northwest Florida State, hackers accessed at least one folder on a server that contained personally identifiable information.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • illustration of a VPN network with interconnected nodes and lines forming a minimalist network structure

    Report: Increasing Number of Vulnerabilities in OpenVPN

    OpenVPN, a popular open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a new report from Microsoft.

  • interconnected cubes and circles arranged in a grid-like structure

    Hugging Face Gradio 5 Offers AI-Powered App Creation and Enhanced Security

    Hugging Face has released version 5 of its Gradio open source platform for building machine learning (ML) applications. The update introduces a suite of features focused on expanding access to AI, including a novel AI-powered app creation tool, enhanced web development capabilities, and bolstered security measures.