Higher Education Has A Lot To Learn About Data Breaches

Higher Education Has A Lot To Learn About Data Breaches

Columbia University recently made headlines for its data breach, but it's not an isolated incident. In fact, data breaches are all too common in the higher education sector. According to public filings, 868,969 people had their personal information compromised after a May data breach was discovered in June, but officially disclosed only in August. This staggering number of affected individuals raises questions about why such a significant breach occurred at an institution with relatively limited employment and student enrollment.

The discrepancy lies in the fact that Columbia kept sensitive personal information on both current and former students, as well as applicants, including those who were never accepted or attended the university. This practice is not unique to Columbia; many colleges and universities store extensive amounts of personal data, making them a prime target for corporate spies, foreign governments, identity thieves, and ransomware gangs.

Data breaches are a persistent threat in the higher education sector. Over the past 20 years, American educational institutions have experienced over 3,173 data breaches compromising more than 37.6 million records. The most devastating year for such breaches was 2023, with 954 reported incidents. Notably, the MOVEit file transfer software supply chain hack affected over 800 institutions using the corrupted software, including the University of Georgia, which saw 800,000 students, former students, faculty, and staff fall victim to the breach.

Colleges and universities present a unique vulnerability landscape. The combination of valuable intellectual property, research data, and sensitive personal information creates an attractive target for hackers. Furthermore, outdated computer security systems, open and decentralized networks, and the extensive use of Internet of Things devices further exacerbate this risk.

Basic steps to protect sensitive data, such as encryption and dual factor authentication, are often neglected by schools. Additionally, many institutions fail to implement sufficient security measures, including limiting access to personal information and purging unnecessary records. This is particularly concerning for Social Security numbers of students who have long since graduated or applicants who were never admitted.

What Can Colleges and Universities Do?

To address this growing concern, colleges and universities must make a greater commitment to data security. Implementing robust data breach prevention systems is crucial, which should include, but not be limited to:

  • Updated firewalls
  • Limiting access to personal information
  • Purging unnecessary information
  • Dual factor authentication
  • Encryption

Protecting Yourself If You're a Victim of a Data Breach

If you've been affected by a data breach, it's essential to take immediate action:

Freeze your credit if you haven't already. This is free and easy to do, and it protects you from someone using your identity to obtain loans or make large purchases.

Put a credit freeze on your credit reports at each of the major credit reporting agencies. You can find links and instructions for this process on the websites of:

Regularly monitor your credit reports for indications of identity theft. The three major credit reporting agencies now provide free weekly access to your credit reports, making it easy to keep an eye on your financial information.

Beware of scammers who call you offering to help with a data breach and ask for personal information. These hackers often use phishing tactics to lure victims into providing additional personal details that can lead to further identity theft.