As UW-Madison steps up security measures with its new open source project for the My UW network, other universities nationwide have recently struggled with Internet security issues, especially after the University of Minnesota reported two computers jam-packed with student and alumni personal information stolen in mid-August.
According to the University of Minnesota's Institute of Technology, those affected included admitted IT students from Fall 1991 to Fall 2005 and accepted Fall 2006 students.
""The Institute of Technology and the university have now enhanced data security efforts by increasing the level of physical security for computers and ensuring that student data is stored on secure networks and file storage devices,"" according to the University of Minnesota IT website. ""The university also is developing additional programs and procedures to help improve data security.""
Information in the stolen computers included—for the freshman files—addresses, phone numbers, University of Minnesota student ID numbers, birth dates, citizenship, high school names and ranks, standardized test scores, Advanced Placement and International Baccalaureate scores, University of Minnesota GPA, and grades in some courses.
Social Security numbers were in the computers for the 1991 IT class consisting of 559 students and 43 students who received letters regarding financial aid appeals.
The IT assured students that though the information could be fraudulently used, the computers themselves were the target of the theft, not personal information.
But Minnesota was not the only university to suffer an Internet security breach in 2006.
On April 21, 2006, the FBI notified Ohio University that a server in the university's Technology Transfer Department had been hacked. A second security compromise was found April 24 when Ohio University's electronic security team discovered an alumni relations server had been hacked; approximately 137,000 Social Security numbers were stored in that server.
Ohio University President Roderick McDavis apologized for the security breach in an e-mail sent to faculty and staff in June.
""We hold ourselves fully accountable,"" he said.
McDavis said he understood the stress caused to faculty and alumni regarding the security breaches—the Ohio University systems were hacked five times between March 2005 and May 2006.
Universities can deal with security breaches in various different ways, according to Privacy Rights Clearinghouse Representative Leslie Flint.
Determining what kind of breach has occurred is the number-one priority, she said, as well as determining how many people have been immediately affected.
Both Minnesota and Ohio University sent letters immediately to those affected by the breaches, according to news reports, but to some disillusioned, wary users, the apologetic gestures may not be enough.
Many alumni told Ohio University that they no longer felt secure having their data in the system.
""You can't help but wonder what is going on at Ohio University,"" said About.com identity theft columnist Brian Koerner. ""I am sure that they have been working long and hard to respond to the previous breaches and prevent others from happening. Is this an example of bad things happening to a good organization or are they not taking their responsibility in protecting this personal information seriously enough?""
Regardless of the university's actions to assuage the concerns of the security breach-afflicted, the most important action, according to Flint, is to tighten existing security measures for student, staff, faculty and alumni personal information immediately.
