U.S. COLLEGES Experts: Info leak likely to continue

With their information exposed, people are left vulnerable.
SAN FRANCISCO CHRONICLE
Colleges across the country, through computer-security failure and human error, have exposed confidential information about hundreds of thousands of students and employees over the Internet, and experts say they expect the problems to continue.
In addition to being targeted by some very savvy hackers, college computer systems have been made vulnerable by the schools themselves through inadequately trained employees who have access to the files.
"It is not an arena where anything stands still," said security consultant Cedric Bennett, emeritus director of Information Security Services at Stanford University. "You might be doing great work [training people and securing your system]; meanwhile, the laws are changing and the bad guys are getting more sophisticated."
Daniel Updegrove, vice president for information technology at the University of Texas at Austin, said advances such as around-the-clock access to administrative services and digital library resources have come with a downside.
"While popular and valuable, not all of these services have been rigorously tested for their ability to withstand intrusion from a sophisticated or persistent attacker," said Updegrove.
Highlighting problem
The problem has been highlighted in recent months by some high-profile breaches of computer-stored records including names, addresses, Social Security numbers and, in some cases, even credit cards, for applicants, students, alumni and staff.
USan Diego State University reported in March that hackers broke into a server in the Office of Financial Aid and Scholarships, gaining access to names and Social Security numbers for more than 178,000 former and current students, applicants and employees.
UThe University of California notified 2,156 applicants a few weeks ago that an overloaded server may have allowed Social Security numbers, test scores and other personal details to be shared over the Internet with competing applicants.
USome 2,800 applicants of the California State University-Monterey Bay were informed in February that their names, addresses and Social Security numbers were made available on the Internet by an employee who moved the data to a computer folder that was not secure. The data was accessed more than 100 times from around the world before the error was discovered.
UAt the Georgia Institute of Technology, a hacker downloaded information that could have included names, addresses, phone numbers, e-mail addresses and credit-card numbers for about 57,775 patrons from the campus arts-center box office in March.
UAt the University of Texas at Austin, 55,200 names and Social Security numbers were downloaded by hackers in March after a similar incident in October.
UAt New York University, it was discovered in January that several mailing lists with names, birth dates, addresses, phone numbers, e-mail addresses and some Social Security numbers for at least 2,100 students, alumni and professors were inadvertently posted on a campus Web site, according to the campus newspaper, the Washington Square News.
Was it copied?
Computer experts say that data erroneously posted on the Internet could have been copied or accessed before the problem was discovered, leaving individuals vulnerable for years.
"We live in an age now when anything that goes into a database has the potential to be compromised intentionally or unintentionally," said Chuck Haupt of Pleasanton, Calif., whose son was one of the applicants whose data was compromised at CSU-Monterey Bay.
"My son's confidential information is out there," said Haupt, who works in the software industry. "People could wreck his credit history or cause identity theft. ... Who knows how long we have to worry about this?"