From stolen laptops to hacked networks, being a college student has never been riskier. Students make ideal targets because they often have pristine credit scores, don’t monitor their credit activity, and over-expose personal data on everything from social networks, cloud databases, and decentralized university servers.
Remember last year, when hackers published thousands of personal records from 53 universities, including Harvard, Stanford, Cornell, Princeton, Johns Hopkins, and other universities around the world?
But college students can’t get by without a constant Internet connection. In fact, six out of 10 students won’t even consider attending a college unless it offers free on-campus WiFi!
But identity theft and identity fraud are very costly and can have long-term effects for recent graduates looking to rent their first apartment, apply for their dream job, or finance a new car.
That’s why officials at the University of South Carolina recently sent letters to 6,300 students, explaining that their sensitive personal information, including Social Security numbers, could have been accessed after a laptop was stolen from the physics department.
This is the seventh data breach in seven years for the university. In June 2012, nearly 34,000 students and employees in the College of Education had their information, including Social Security numbers, compromised. In March 2011, nearly 31,000 students and faculty data was exposed by a “human error” network breach. In September 2007, there were 1,482 files with Social Security numbers, test scores, and course grades unintentionally exposed online. Other incidents at the university include email breaches and database hacking.
But universities in other states are not immune, either.
The state of North Carolina suffered a similarly embarrassing data breach when a licensed clinical social worked accidentally attached confidential client information to an email that was forwarded to town council colleagues. The email was forwarded a second time to a public account, and consequently, the information was publicly available for a week. Many of the social worker’s affected clients were University of North Carolina students. Names, Social Security numbers, clinical notes about client mental health, payment amounts, and insurance forms were exposed.
And no one can forget when Yale University became a victim of Google hacking (also known as Google dorking) when cybercriminals used Google search functions to access data on the Internet. Students and faculty at the Ivy League institution had their personal data — including names and Social Security numbers — available online for nearly 10 months. This sensitive information was stored on an FTP server accessible through a simple Web search.
Back in South Carolina, the university is busy cleaning up from this seventh breach. Part of these efforts include spending more than $2 million as part of its “Secure Carolina” efforts over the next two years to bolster its cybersecurity and hire more computer security staff.
Despite this costly and noble effort, the university’s own chief information security officer warned that hackers could still get valuable data. Because the university connects more than 80,000 devices, including smartphones, laptops, and iPads, across its eight campuses, no one is immune to attack, according to Marcos Vieyra.
“We have to be aware and realistic that the odds are against us. There are a lot of attackers. We have to be perfect every day, and all they have to do is find one hole, one vulnerability, and they’re in,” Vieyra explained.