2008 Woodie Awards
Data theft hits many universitities, study shows
Eva Sylwester, Oregon Daily Emerald
Issue date: 2/1/06 Section: News
Since February 2005, the personal data of more than 52 million Americans has been compromised, in many cases through breaches of computer systems at colleges and universities, Privacy Rights Clearinghouse reported this week.
Of 113 data breaches reported, 55 took place at colleges, universities and university-affiliated medical centers. Stolen data included Social Security numbers, account numbers and driver's license numbers, according to the Privacy Rights Clearinghouse Web site.
The University of Oregon was not one of the affected schools, but other institutions in the Pac-10 conference, such as University of California-Berkeley, Stanford University and the University of Washington Medical Center, were.
"We as an institution have not had any kind of system break-ins," University registrar Herbert Chereck said. "We've been very fortunate."
Privacy Rights Clearinghouse director Beth Givens said universities are vulnerable to these problems because they possess lots of data but often have it spread throughout various locations on campus, making it difficult to control who has access to the data.
"They're a classic decentralized environment," she said.
Givens said universities could do a better job of protecting students by encrypting student records, collecting less information about students and limiting use of Social Security numbers in student files. She said universities should especially avoid using Social Security numbers as student identification numbers.
In the past, the University used Social Security numbers as student identification numbers, but beginning in 2003, all new students were assigned randomly generated identification numbers beginning with 950, and the process of getting new identification numbers for all students and staff was completed in winter 2005, according to the University registrar's Web site.
Chereck said this was done as a preventative measure rather than as a response to problems. He added that the Computing Center does a good job putting technical safeguards in place, although he declined to give specifics about what processes the University uses.
Of 113 data breaches reported, 55 took place at colleges, universities and university-affiliated medical centers. Stolen data included Social Security numbers, account numbers and driver's license numbers, according to the Privacy Rights Clearinghouse Web site.
The University of Oregon was not one of the affected schools, but other institutions in the Pac-10 conference, such as University of California-Berkeley, Stanford University and the University of Washington Medical Center, were.
"We as an institution have not had any kind of system break-ins," University registrar Herbert Chereck said. "We've been very fortunate."
Privacy Rights Clearinghouse director Beth Givens said universities are vulnerable to these problems because they possess lots of data but often have it spread throughout various locations on campus, making it difficult to control who has access to the data.
"They're a classic decentralized environment," she said.
Givens said universities could do a better job of protecting students by encrypting student records, collecting less information about students and limiting use of Social Security numbers in student files. She said universities should especially avoid using Social Security numbers as student identification numbers.
In the past, the University used Social Security numbers as student identification numbers, but beginning in 2003, all new students were assigned randomly generated identification numbers beginning with 950, and the process of getting new identification numbers for all students and staff was completed in winter 2005, according to the University registrar's Web site.
Chereck said this was done as a preventative measure rather than as a response to problems. He added that the Computing Center does a good job putting technical safeguards in place, although he declined to give specifics about what processes the University uses.