UNIVERSITY COMPUTERS OU's problems with hackers among worst

Universities are prime targets for data theft, experts say.
ATHENS, Ohio (AP) -- At least five electronic break-ins. The possible theft of personal information from about 367,000 people. Questions from 600 alumni.
The numbers make Ohio University among the hardest-hit of U.S. universities, considered ultra-vulnerable to data theft.
"We're seeing this across the nation. Universities are prime targets," said Jay Foley, executive director of the Identity Theft Research Center.
Hackers have accessed five computer systems since March 2005 at the school of 20,000 students in rural southeast Ohio.
About 173,000 Social Security numbers could have been stolen, along with names, birth dates, medical records and home addresses for students, employees, alumni and contractors, said Bill Sams, an associate provost who oversees the university's technology.
The damage done
Hackers use software to crack passwords and disable barriers protecting computer systems, sneaking in through Internet connections to obtain information often used to apply for credit cards or loans in someone else's name.
The FBI is investigating, and the university has warned people affected and recommended they check their credit reports.
Graduate student Regina Glick, sitting on the college green, said she was disappointed the university hadn't protected students' personal information.
"It appears that OU is having greater difficulty than other universities," said Glick, a 23-year-old business student. "I'm not sure why."
Since April, the university has discovered that computer systems were breached for the health center, the alumni office, the training center for fledgling businesses and the department that handles records for businesses the university hires.
The school first learned of a breach from the FBI, which was conducting another investigation, Sams said. Officials then figured out that break-ins had been occurring for more than a year.
Universities are easy targets for hackers because of the large amount of personal data they keep, their powerful computer systems, and their emphasis on open communication over security, said Rodney Petersen of Educause, a nonprofit that helps universities set standards for using computer technology.
Required to report breaches
Universities, corporations and government agencies are reporting more data theft partly because new state laws are requiring the disclosures, he said. Ohio passed such a law earlier this year.
The University of Colorado is the only other U.S. university to have announced such a large number of computer break-ins, Foley said.
Colorado found four breaches in 2005, university spokeswoman Jeannine Malmsbury said.
Ohio University hired consultants to figure out what went wrong and how to improve security and reduce the use of Social Security numbers. The school placed three computer systems administrators on leave to ensure the fairness of the audit.
"There's not one silver bullet easy answer," Sams said. "It's going to be funding issues, staffing issues, training issues, policies and procedure issues, priority issues. All of those."
Newly installed protection software shows that hackers from Eastern Europe, China, the United States and elsewhere try to break in to university servers up to 10,000 times an hour, he said.
Not unusual for universities
Such a large number of hacking attempts is typical at universities. For example, the University of Southern California says it fights off 500,000 to 1 million attacks a day.
Sams does not believe Ohio University's five break-ins were related because the attacks came from different parts of the world. Experts said figuring out whether there is a connection would be difficult.
The computer problems are among the reasons about 500 faculty gave for issuing a "no confidence" vote this week against President Roderick McDavis. Administrators also are contending with faculty unrest over salaries and budget cuts, plagiarism allegations in its engineering department and football coach Frank Solich's no contest plea to drunken driving, which he is trying to withdraw to get his conviction overturned.
Informing alumni
The university spent $77,000 to mail letters to alumni informing them about the potential for identity theft.
The school knows of two dozen people associated with Ohio University who have suffered identity theft, Sams said. University officials don't know whether those instances are related to the computer breaches.
Senior Aurora Grossman, 21, said she had a scare earlier this year when a Florida man tried to take out several credit cards in her name. She's worried it could happen again, considering that she uses her Social Security number to log in to university computers and to check in at her campus job.
Dallas Cheatham, an alumna from Columbus, immediately checked her credit report when she read the university's warning letter. Her college friends e-mail university updates and news reports to one another.
Cheatham, 31, said she wasn't surprised to hear of the data breaches.
"In this day and age, there are plenty of people looking to get something for nothing," she said.