“The long-term effects can be a public relations nightmare,” he said. “[Faculty members and students] worry about their data, so they might not want to come to a school knowing that their data is at risk. … In the long run, you lose enrollment and quality of faculty.”

The WhiteHat report comes three months after Identity Theft 911, an Arizona-based company founded by consumer advocates and experts from the financial industry and law enforcement, released a report called “America’s Universities: A Hacker’s Dream.” The report documents some of the largest recent computer security breaches on college campuses and discusses solutions for IT decision makers and students.

Twenty-seven American colleges and universities saw personal records stolen in the first seven months of 2009, and the report concludes that a “sprawling profusion” of disparate computer networks and servers—each with a different security policy—makes IT departments “powerless to enforce any standards,” meaning student grades, credit information, and social security numbers remain vulnerable.

Campus IT officials said school networks often are vulnerable because thousands of students and faculty access the networks every day using their laptops or other personal mobile devices.

“Many of those we don’t own, we don’t have any management responsibility for them, and yet they do introduce problems we have to deal with,” said Robert Ono, the director of technology security for the University of California at Davis.

Ono said 35,000 computers connect to the campus’s network every day.

Centralizing campus computer networks would require categorization of personal information. In this scenario, data would be separated according to sensitivity level, the Identity Theft 911 report says, adding that no one outside the university’s financial aid department would need to know a student’s social security number.

Fohn said the culture of higher education is not conducive to airtight IT security measures. With many campus officials supporting online communication between students and faculty, Fohn said colleges have hesitated to embrace comprehensive security methods.

“There’s an open nature to colleges, and people chafe against being more restrictive,” she said. “I think that’s starting to shift because people are starting to see the need to guard sensitive personal data.”


WhiteHat Security

WhiteHat Web Site Security Statistics Report

Fordham University