
News Feature

Once More unto the Breach

4/13/2007

The announcement earlier this month of a potential data security breach at the University of California, San Francisco (UCSF) may have come as a shock to the 46,000 individuals who received notification that their personal information might have been compromised. But for industry observers, this latest revelation was just another in a long string of security incidents impacting institutions of higher learning.

Higher ed isn't the only sector suffering from breaches in security, but it is, in some ways, in a unique predicament. Adam Thermos, founder of Strategic Technology Group, said that universities typically implement standard security measures. "However," he said, "this is [academia].... Most of the problems are more out of negligence and less out of malice. Too much instability in operations, too many work study and graduate students in and out, too many cooks in the kitchen...."

Regardless of the causes--and it should be noted that the specific cause of the UCSF breach is not known publicly, if at all, as of this writing--data breaches in higher education are more common than in most other sectors. Are higher education institutions doing all that can be done to safeguard the personal data of their students, employees, and customers? And, when breaches do occur, are the universities doing everything they're supposed to be doing?

We spoke with a number of analysts and industry observers on this issue in light of the UCSF incident. For the most part, they agreed that higher education is doing well in many cases when it comes to responding to incidents; but efforts at safeguarding data leave something to be desired, especially given some obvious and relatively unobtrusive measures that could be adopted.

What Happened at UCSF?
In March, UCSF discovered that a file server located at the University of California Office of the President in Oakland, CA might have been accessed electronically by an unauthorized, as-yet-unidentified entity. The server itself contained information on staff, students and faculty at UCSF and the UCSF Medical Center--including Social Security numbers and bank account information related to payroll and "reimbursement deposits."

According to UCSF, there was no patient information from the UCSF Medical Center on the server.

As of this writing, the university had not determined whether there had been any unauthorized access to the data (or had at least not shared such information with the public). And no incidents of identity theft as a result of the potential breach had been reported.

UCSF's Response
The university's response to the situation was, initially, to remove the system in question "immediately" from service so there would be no further possible risk. Following this, in April, UCSF sent out notices to some 46,000 individuals who had been associated with the university or the Medical Center over the last two years.

