Harvard University recently announced that it had been hacked for the second time in just four months. The data breach appears to be limited to the Faculty of Arts and Sciences and Central Administration information technology networks and, fortunately, does not appear to have compromised either research data or personal information of students and faculty, such as Social Security numbers. More and more colleges and universities are targets of hackers, as I described to you most recently in May 16th’s Scam of the day regarding the major data breach at Penn State. American engineering schools, including MIT, and Carnegie Mellon, have been targets of Chinese state sponsored hacking for many years. The goal of these hackings have been to gain information for both commercial and national defense purposes. However, colleges in general are targeted by hackers seeking personal information for purposes of identity theft. One reason that colleges and universities are such a tempting target for identity thieves is that they gather and retain so much personal information on applicants, students, faculty and alumni. Making the problem worse is that college and university computer networks are generally readily accessible by so many people that it becomes difficult to secure these networks.
I have written many times of the extreme vulnerability of colleges and universities, which gather and keep much personal information for which they have no real need, such as the Social Security numbers of applicants to the schools or Social Security numbers of alumni. Coupled with lax security at many colleges and universities, this gathering and keeping of personal information for which the schools have no need puts the people whose information is affected in great danger of identity theft. It is important for all of us to always inquire as to any company or agency that has personal information of ours as to what they do to keep this information secure.
For those people who may have been affected by the Harvard data breach, here is a link to Harvard’s official announcement of the data breach with details of the breach as well as suggestions for action by those affected. http://security.harvard.edu/cyber-alert/faqs