US: Hackers hit universities’ database ‘jackpots’

By On January 3, 2011 Under Pet Articles
Response

Given that 2008, 158 information breaches have compromised a lot more than 2.3 million records at American higher education institutions, based on a current report by Application Security, Inc, a US database safety business.

Identity theft has turn into the US’ largest consumer complaint, based on the Federal Trade Commission (FTC), with nearly a million new victims each and every year. The difficulty has been exacerbated – and also the illicit rewards produced higher – by cyber criminals successfully hacking into the databases of semi-autonomous tertiary educational institutions.

“When an attacker gets access to university databases, it’s like hitting the jackpot,” says Josh Shaul, the New York-based Application Security’s vice-president of product management.

One of the problems Shaul sees is that college databases contain such an extensive range of personally identifiable information (PII), from key monetary details to “credit card numbers, social security numbers, as well as the healthcare records of employees, students, parents and alumni”.

For larger institutions, with tens of thousands of students together with staff and faculty, “a university or college could be housing potentially billions of PII”,” says Shaul.

The current data breach at the University of Central Missouri is a single example where large quantities of information were successfully captured.

According to the Identity Theft Resource Center (ITRC) in San Diego, California, two students there generated a virus to acquire remote access to information related to additional than 90,000 faculty, staff, alumni and students by means of university personal computer labs as well as the library.

They credited their own student accounts and changed their grades during the 2009 autumn term before being stopped in their tracks whilst attempting to sell the details to an undercover FBI agent for $35,000.

Similarly, in August a laptop containing the social security numbers of additional than ten,000 applicants to the West Hartford campus of the University of Connecticut was stolen. Administrators have been conducting damage control ever since – contacting the compromised people and offering them credit-monitoring coverage for two years at the university’s expense.

The $204 per compromised record that Poneman Institute estimates it costs to remedy a breach pales in significance to the damage brought on to an institution’s reputation.

As well as the instances of such breaches are alarmingly high: the ITRC estimates that a minimum of 57 breaches – compromising the records of nearly 800,000 folks – have been created at larger education institutions this year alone.

Despite the fact that institutions are aware of the threat, attempts to secure databases have tended to be sporadic and are normally implemented as soon as the initial – and most insidious – breach has been produced.

Acting proactively, even in little increments, nevertheless, could be all it takes to secure databases and steer clear of potentially disastrous breaches, says Shaul.

“One of the initial and easiest actions would be to make certain that the database systems have complicated passwords in location and that default account logins and blank passwords have been replaced.”

While it has been suggested that the current economic downturn has been responsible for the acceleration of this difficulty, Shaul notes, “the truth is that a substantial uptick in data breaches started out in 2005 when the economy was booming”.

Students are also the targets of identity theft by various implies, and most notably through their financial naivety and clean credit ratings. The FTC reports that 31% – practically one-third – of all the identity theft victims in 2009 were beneath the age of 29 years.

 

Leave a Comment

Tags: