In the wake of an audit that resulted in the suspension of two top-level information technology staffers, officials at Ohio University (OU) are working to correct mistakes that compromised 173,000 Social Security numbers in school computers.

The latest in a string of high-profile security breaches at several major U.S. colleges and universities, OU's troubles have prompted school technology directors nationwide to reexamine an important question: how to balance the need for personal security with the educational benefits of an open and accessible technology infrastructure.

Since February 2005, universities nationwide have accounted for almost 50 percent of computer data theft, according to the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group in San Diego.

Colleges and universities are a prime target for electronic data thefts because of their wide use of names, addresses, and Social Security numbers, experts say.

"The reason is simple. Colleges have a tendency to use information, like Social Security numbers, for student IDs," said Jay Foley, executive director of the Identity Theft Resource Center, another San Diego nonprofit.

OU is in the midst of investigating five cases of data theft since March 2005, in which 367,000 files containing personal information--including Social Security numbers, names, medical records, and home addresses--reportedly were exposed.

The independent audit, conducted by researchers at Moran Technology Consulting of Naperville, Ill., criticizes the university's Computer and Network Services division for making security a low priority for more than 10 years, though it had an annual budget averaging $11 million and annual surpluses averaging $1.4 million.

Not enough skilled computer staff members, and computer officials who did not "firmly and loudly identify important security problems," contributed to the data thefts, the audit said.

The audit details a profound problem, said R. Gregory Brown, chairman of the school's board of trustees. The board in June approved spending up to $4 million to secure university computers.

In response to the audit, University President Roderick McDavis on June 20 suspended with pay IT director Tom Reid and the university's internet and systems manager, Todd Acheson, pending a formal investigation, the Associated Press (AP) reported. McDavis then sent an eMail message to faculty and staff, saying he deeply regretted the inconvenience and stress the breaches have caused university employees.

"We hold ourselves fully accountable," McDavis wrote in his message.

Two OU graduates whose Social Security numbers were among the 173,000 possibly stolen from school computers have filed a lawsuit alleging their right to privacy has been violated.

Donald Jay Kulpa, 31, and Kenneth Neben, 34, filed the lawsuit in Columbus on June 23. The lawsuit, which seeks class-action status, asks a judge to order the school to pay for credit monitoring services for those affected. It also requests compensation for anyone who suffers financial losses from the breaches.