Columbia University recently disclosed that it had suffered a data breach in May that was discovered in June, but not disclosed until last week. According to public filings 868,969 people had their personal information compromised. The compromised information included names, Social Security numbers, birth dates and much more information that can readily lead to identity theft. If the number of people affected seems high considering the fact that Columbia only employs approximately 20,000 people and has an enrollment of approximately 35,000 students, this discrepancy is due to the fact that Columbia kept such personal information on both current and former students as well as applicants including people who never got accepted or attended Columbia.
Data breaches at colleges and universities are common. The reason for targeting universities and colleges is simple. Generally they maintain tremendous amounts of personal information and many schools have not done a good job of securing the sensitive information they hold. Colleges and universities have much personal information that is often easily accessible within the school’s computer systems. Too often schools have permitted the information to be on unencrypted laptops and flash drives. In addition many schools do not have sufficient security programs in place to limit access to personal information, which the universities keep in their computers long after it is necessary to be kept, such as Social Security numbers for students who have long since graduated or any information about applicants who were never admitted.
TIPS
Colleges and universities must make a greater commitment to data security. Data breach prevention systems should be implemented that include, but not be limited to updated firewalls, limited access to personal information, purging of unnecessary information, dual factor authentication and encryption. Personal information should not be as open and available as they presently are at this time at many universities.
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
You also should put a credit freeze on your credit report because credit monitoring only tells you that you have become a victim of identity theft after the fact. A credit freeze can protect you from becoming a victim in many instances.