Click here to receive your FREE subscription to Campus Technology
News Feature
Once More unto the Breach
4/13/2007
The announcement earlier this month of a potential data security breach at the University of California, San Francisco (UCSF) may have come as a shock to the 46,000 individuals who received notification that their personal information might have been compromised. But for industry observers, this latest revelation was just another in a long string of security incidents impacting institutions of higher learning.Higher ed isn't the only sector suffering from breaches in security, but it is, in some ways, in a unique predicament. Adam Thermos, founder of Strategic Technology Group, said that universities typically implement standard security measures. "However," he said, "this is [academia].... Most of the problems are more out of negligence and less out of malice. Too much instability in operations, too many work study and graduate students in and out, too many cooks in the kitchen...."
Regardless of the causes--and it should be noted that the specific cause of the UCSF breach is not known publicly, if at all, as of this writing--data breaches in higher education are more common than in most other sectors. Are higher education institutions doing all that can be done to safeguard the personal data of their students, employees, and customers? And, when breaches do occur, are the universities doing everything they're supposed to be doing?
We spoke with a number of analysts and industry observers on this issue in light of the UCSF incident. For the most part, they agreed that higher education is doing well in many cases when it comes to responding to incidents; but efforts at safeguarding data leave something to be desired, especially given some obvious and relatively unobtrusive measures that could be adopted.
What Happened at UCSF?
In March, UCSF discovered that a file server located at the University of California Office of the President in Oakland, CA might have been accessed electronically by an unauthorized, as-yet-unidentified entity. The server itself contained information on staff, students and faculty at UCSF and the UCSF Medical Center--including Social Security numbers and bank account information related to payroll and "reimbursement deposits."
According to UCSF, there was no patient information from the UCSF Medical Center on the server.
As of this writing, the university had not determined whether there had been any unauthorized access to the data (or had at least not shared such information with the public). And no incidents of identity theft as a result of the potential breach had been reported.
UCSF's Response
The university's response to the situation was, initially, to remove the system in question "immediately" from service so there would be no further possible risk. Following this, in April, UCSF then sent out notices to some 46,000 individuals who had ben associated with the university or the Medical Center over the last two years.
Recommended Reading
- Moodle Gets SCORM Improvements, Security Fixes
New versions of Moodle have been released, bringing the most recent stable build to 1.9.3. The latest round of updates includes a number of bug fixes and security enhancements, as well as improvements to the SCORM module.
- Free 'Morro' Antivirus To Replace Microsoft OneCare
Microsoft is rolling out a free antivirus software program for consumers that will compete with products made by Symantec and McAfee. Code-named "Morro," the AV app is expected to be available by the end of 2009.
- Microsoft Demos New SQL Server Features at PASS
Microsoft Wednesday previewed the ability to centrally manage applications and resources in the planned upgrade of SQL Server, code-named "Kilimanjaro."
- Microsoft Unveils Exchange and SharePoint as Services
Microsoft exec Stephen Elop on Monday announced two hosted solutions from Microsoft--Exchange Online and SharePoint Online--which are now available to organizations of all sizes in the United States. The software, paid for by annual subscriptions, is hosted on Microsoft's servers and supported by Microsoft's channel partners.
- 6 Ways Not To Become Rote Using Instructional Technology
There are, in my experience, six strategies to consider with any use of technology that will guard against rote use of technology and facilitate critical analysis of teaching and learning effectiveness. In this article, I'll share with you the checklist I work with and encourage others to work with in learning about and using new technology.
- Bringing Student Web "Stuff" to Campus Enterprise Systems
How can an institution incorporate Web 2.0 learning opportunities for students, and evidence of learning from those opportunities, into existing campus technologies and processes? PlugJam is providing part of the answer.
