Security Researchers Compile Data Breach 'Champions'

Tonight's game decides this year's winner of the NCAA Men's Division Basketball Championship--either the University of Connecticut or Butler University. By now, if you've been playing your own set of brackets, you've probably torn up the printout. According to a Yahoo bracket contest, out of 3 million entries, only a single individual has so far come up with the "final four" selection that matches with reality, which also included the University of Kentucky (bested by U Conn 56 to 55) and Virginia Commonwealth University (beat by Butler 70 to 62).

During breaks in games, distracted database security researchers at Application Security have put together their own bracket competition, this one focused on higher ed data breaches. 2010's winner: Ohio State University with a potential exposure of 750,000 names.

"Higher Education Data Breach Madness" pulls together records for reported college and university breaches yearly and declares an annual final four. In 2010 Ohio State was joined by Valdosta State University in Georgia with 170,000 potential records exposed; University of North Florida with 107,000 records; and Buena Vista University in Iowa with 93,000 records.

According to TeamShatter, AppSec's research arm, this year has seen 14 reported breaches covering 81,835 records. The leader to date: University of South Carolina, which may have exposed 31,000 records because of a computer security problem hitting eight university systems maintaining data on faculty, staff, retirees, and students.

TeamShatter Director of Research, Alex Rothacker, believes the campus environment is ripe for data breaches. "When an attacker gets access to university databases, it's like hitting the jackpot," he said. "Databases at colleges and universities store a wealth of personally identifiable information. This information includes names, addresses, financial information, credit card numbers, Social Security numbers, and healthcare records of employees, students, parents, and alumni. With major colleges enrolling tens of thousands of students a year, along with the large amount of employees involved with running an institution, a university or college could be housing potentially millions of records containing [personal data]."

He added that the amount and type of data isn't the only issue with higher education. "These institutions are often open environments with high turnover. They often recruit from the student body and provide limited supervision or training. Because of the wealth of information that universities store, they are instantly stamped with a bulls eye and a target on the critical data they house."

Editor's note: This article has been modified since its original publication to correct a factual error. It was the University of South Carolina that "may have exposed 31,000 records because of a computer security problem," not, as previously reported, the University of Southern California. [Last updated April 4, 2011 at 2:30 p.m.] --David Nagel

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • minimalist geometric grid pattern of blue, gray, and white squares and rectangles

    Microsoft Rolls Out AI-Focused Windows 11 24H2

    Windows 11 version 24H2, the latest major Windows 11 update, is here with a host of AI-focused enhancements.

  • translucent lock composed of interconnected nodes and circuits at the center

    Cloud Security Alliance: Best Practices for Securing AI Systems

    The Cloud Security Alliance (CSA), a not-for-profit organization whose mission statement is defining and raising awareness of best practices to help ensure a secure cloud computing environment, has released a new report offering guidance on securing systems that leverage large language models (LLMs) to address business challenges.

  • digital classroom interface with virtual hand icons raised, representing students participating in an online poll

    Boosting Student Engagement with Interactive and Practical Teaching Methods

    Traditional teaching methods like slide-to-slide PowerPoint presentations no longer engage students in the way they used to. Here's how one educator developed engaging, interactive methods to help students grasp complex concepts.