Hack U – How Safe is Your Student Data?

Download a hot new single, order that pair of sneakers you’ve been eyeing, send your best friend an IM, pay your cell phone bill, check your midterm grade, and chat it up with your philosophy classmates — all at once Activate Chase Debit Card.


In fact, cyber-centric living has become such an integral part of the college lifestyle that many students don’t think twice about entering credit card numbers, Social Security numbers, and other personal information on Web sites regularly, nor do they take safety measures seriously.


Unfortunately, your college’s computer network may not be as secure and fail-safe as you think. Take a look at just how much information students give out online, and the people who may be peeking in — and potentially using that information against you.


Don’t think hacking could happen at your school? An alarming number of major universities, including University of Nevada (Las Vegas, NV) and the University of Connecticut (Storrs-Mansfield, CT) have reported hacking incidents in 2005 alone. For these and other schools, servers containing personal data — Social Security numbers, dates of birth, phone numbers, and addresses — were illegally infiltrated.


But just because a school is unaware of any security breaches doesn’t mean they haven’t happened. “I don’t think any school can say beyond a shadow of a doubt they’ve never had an instance of unauthorized access,” says Jason Wallace, chief information security officer at Norwich University (Northfield, VT).


Why is a university so much more difficult to protect than a corporation or a home computer? “The whole concept of higher education is about openness and the availability of resources,” Wallace explains. “I can’t imagine a college anywhere that’s running a Web site filter.”


Creativity and exploration are highly encouraged in the academic world, and as a result, there is more potential for hackers to find loopholes in a network that may not be ideally designed. In fact, most colleges still need to step up their security to the rapidly advancing hacker and virus technologies.


“Schools are trying to play catch up,” explains Dave Grant, director of product marketing at Watchfire, a company that produces Internet security software. “I’d say half of college Web sites are exploitable today, and about 75 percent of the hacks that occur are happening because the sites aren’t secured as well as they could be. The average Web developer doesn’t necessarily know much about security, so the sites get created with flaws.”


Beyond the “open” nature of colleges, sometimes people just make mistakes and the situation is simply out of your control. More than 300 City University of New York (CUNY) students were shocked and alarmed to discover that personal information of theirs — including Social Security numbers, loan information and amounts, and direct-deposit information — was freely available on the Internet.


According to CUNY spokesman Michael Arena, the student info was made available due to a human error. A worker at the school had accidentally placed the file outside the school’s protected firewall, making it accessible to anyone. The private data even appeared via Google.com, the massively popular search engine.


If you’ve ever lost a wallet, you know the stress of having to cancel your credit cards, get a new ATM card, order a new Social Security card, and reconstruct the life that you so conveniently carried around in your pocket or purse. Now imagine if all that information was not merely lost, but deliberately stolen from you, and then exploited.


“It’s only been during the past five or so years that we’ve been using the Internet for buying things, ordering products, entering personal information,” explains Grant. “We have good reasons for doing it, but it’s gotten easy for hackers to steal personal information as we’re pushing more and more of our lives onto the Web.”

Leave a Comment