March Security Madness? ‘Final Four’ of Ed Data Breaches

Higher education gets special attention during the National Bracket Day when the 65 teams playing in the Men’s Division I Basketball Championships are announced, but that doesn’t mean that all the publicity is welcome. Falling squarely in the “unwelcome” category is TeamSHATTER’s annual report that lays out the biggest reported data breaches experienced by higher ed institutions throughout the previous year.

TeamSHATTER is the research arm of Application Security, Inc, a cyber security consultant, who explain the unique factors in higher ed that result in so many security breaches.

“Data Breach Madness is a fun and timely way to raise awareness of the higher education security landscape and the challenges those institutions face,” states Thom VanHorn, Vice President, Marketing, AppSecInc. “University environments are susceptible to breaches due to factors like easy-to-guess passwords and outdated infrastructures and as a result put students, alumni and employees at risk. Often times, our nation’s colleges and universities can be a playground for young hackers, testing their skills.”

Last year has seen a spike in attempted and successful attacks on colleges and universities with nearly 2 million student records affected — the highest total impact since the 2005 when the report was first released. In comparison, the number of institutions hit is relatively low, as all of the 2 million records accessed come from only 51 schools.

University of Nebraska walked away with dubious honor of topping the bracket this year for a May 25th, 2012 internet break-in in which more than 650,000 student records were compromised. Following it in second place with almost exactly half as many records impacted (325,000) was University of North Carolina, trailed by Arizona State University with 300,000 records accessed and Northwest Florida State College with 279,000.

The University of Nebraska became the 25th higher education institution since 2005 to report a data breach in excess of 100,000 records. In fact, all four institutions in the 2012 “Final Four” eclipsed 100,000 stolen records, which is a first since 2009. According to the Ponemon Institute’s most recent “Annual Study: U.S. Cost of a Data Breach” (March 2012), the findings showed that the average cost to organizations per compromised record was $194, though in the education vertical the average cost was far lower at $142 per record. However, based on the lower education average, the University of Nebraska data breach could cost the university over $92 million.

The top seed last year – Virginia Commonwealth University – wouldn’t have even cracked the top five. Its 2011 break in compromised only 176,567 records – a paltry sum for 2012′s “Final Four.”

Tuesday
03 19, 2013
Print