Within the past several months, hackers have slithered through computer networks into servers holding confidential information at more than a dozen institutions, including California State University at Chico, Northwestern University, Tufts University, and the University of California at San Francisco. A laptop holding sensitive information was stolen from the University of California at Berkeley.
These security breakdowns -- which have received extensive coverage by the news media -- have prompted some colleges to devise tougher policies to protect data and to remind their employees and computer users that it's very easy to mishandle confidential information. So far, however, college officials say they see no indication that identity thieves have used the ill-gotten data.
The incidents are not limited to institutions of higher education. Companies including LexisNexis and Bank of America have suffered similar security problems in recent months. So did a data service called ChoicePoint, where hackers gained access to confidential information on as many as 145,000 people.
Observers are not sure whether such breaches of security are actually on the rise on college campuses, or colleges are simply more aware of the attacks or more willing to notify users about them. In California, a law passed in 2003 requires organizations that hold sensitive data to inform people in the state when their confidential information may have been compromised. With the recent spike of reported incidents, the U.S. Senate is considering a bill to extend that law nationally.
The Chronicle: 5/6/2005: Why Can't Colleges Hold On to Their Data?
During the past few months, more than a dozen colleges and universities have reported hacker incursions or computer thefts that have compromised the personal information of students, professors, alumni, and others. So far, college officials say, there is no evidence that any of the hackers actually retrieved any of the confidential information or stole anyone's identity.
