A few days ago the University of Maryland disclosed that personal information of more than 300,000 students, faculty and other university employees connected with the university since 1998 was stolen by computer hackers. In a statement disclosing the data theft, the university said that computer and data security was “a very high priority” the university which is hard to understand because of the lax security that led to the data theft. Included in the compromised data were names, Social Security numbers, birth dates and other information for all faculty, staff, students and university personnel issued a university identification since 1998. This information is a veritable treasure trove for hackers who, armed with this information, use it to for purposes of identity theft. The University of Maryland is by no means alone when it comes to being hacked. Harvard, Stanford, Cornell, Princeton, Johns Hopkins, the University of Rhode Island, the University of Arizona, Marquette and more than 50 other colleges and universities have been the victims of data breaches in the last couple of years. The reason for targeting universities and colleges is simple. Generally they maintain tremendous amounts of personal information and their record for data security is not good. Colleges and universities have much personal information that is often easily accessible within the school’s computer systems. Too often schools have permitted the information to be on unencrypted laptops and flash drives. In addition many schools do not have sufficient security programs in place to limit access to personal information, which the universities keep in their computers long after it is necessary to be kept, such as Social Security numbers for students who have long since graduated.
The schools have got to start giving more than lip service to their commitment to data security. Data breach prevention systems should be implemented that include, but not be limited to updated firewalls, limited access to personal information, purging of unnecessary information and encryption. Personal information should not be as open and available as they presently are at this time at many universities. if you are someone who is a victim of the University of Maryland’s data breach, you should contact the University and accept its offer of a year’s free credit monitoring. You also should consider putting a credit freeze on your credit report because monitoring only tells you that you have become a victim of identity theft after the fact, a credit freeze can protect you from becoming a victim in many instances. For information about credit freezes, click on the link on the right hand side of the page where it indicates, “credit freezes.”