Connecticut college experiences data breach scare


Universities are where some of the smartest people in the world work, study and reside. Still, all across North America, even the best and brightest can be caught uninformed about the dangers and consequences of lax classroom control over computer labs and online filing. One might think that even after all of the university data breaches that have occurred over the past seven years – there have been 662 publicly announced data breaches at educational institutions since 2005, according to the Privacy Rights Clearinghouse – more colleges would have boosted their layered security, but that is not always the case.

The latest higher education institution to learn the hard way about the dangers of a data breach is Western Connecticut State University. Late last month, the college announced that the records from the past 14 years of approximately 233,880 students, faculty members and others associated with the university may have been improperly exposed. IDG News Service reported that the information not adequately protected included names, addresses, Social Security numbers, college admission test scores and personal financial data.

What happened at WCSU?
Three months ago, the university discovered that a gap in its tech solution existed between April 2009 and last September as a result of an incorrect setting on some hardware, meaning sensitive information dating back to 1999 was potentially ripe for cyber thieves to nab, The Daily Campus reported. While the university has no evidence that the data was ever improperly accessed during the three-year period, it immediately closed the security loophole based on the value of the information that was unprotected.

IDG reported that not only was monetarily valuable data like Social Security numbers exposed, but the system included college admission test scores that are frequently purchased by institutions of higher learning.

“We are disappointed that the potential existed to have these records exposed but we will do everything we can to protect our students, their families and others with whom we have worked,” WCSU President James Schmotter said in a December statement. “The steps we are taking and the solutions we are offering to every one of those affected are designed to address any problems this situation may have caused.”

How has the university responded?
The university has taken a number of proactive steps to ensure that the security gap does not cause any damage, but the issue first discovered in September was only announced to students and the general public earlier this month. WCSU’s Board of Regents Information Security and Policy Office has been investigating the matter over the past three months, and the university has told the Connecticut Attorney General’s office about the issue.

Steps taken by the university to protect students and faculty include:

• The creation of a searchable database in three languages to let people see if they might have been affected. In addition, the university said it will send out letters to all people within the database to proactively and directly inform them about the matter.
• Two years of free identity theft protection for anyone whose information was potentially exposed.
• More stringent oversight of classroom software and classroom computer networks, plus the installation of more comprehensive layered security.

“I’d have to say that the security breach hasn’t really affected anything about day-to-day campus life, but WCSU is offering free identity protection services for those who want it, so I’d say that they handled the situation quite well,” WCSU student Noah Adams said to The Daily Campus.

Can and should the university be doing anything else to limit the fallout of the breach? Do you think classroom lab management software would have been more effective in identifying the issue earlier on? Leave your comments below to let us know what you think about this bit of news!

Scott Cornell

When he’s not knee-deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.