Personal data apparently isn't sacred at Sacred Heart University. The university says an onsite computer containing information on 135,000 individuals has been hacked.
The data contained personal information such as names, addresses, and Social Security numbers. In some cases, the individuals had never attended the Fairfield, Connecticut-based university, nor worked there or been associated with it in any fashion.
The FBI was contacted and, according to Sacred Heart's spokespeople, will soon begin an investigation.
The university has set up a special Web site and toll-free number to address concerns and provide information for affected individuals. In a statement on the Web site, the university stated that it could not verify if the data had been accessed, "but we believe that the intruder had the expertise to do so."
Why would a university collect and store data on individuals who had never been students or employees?
According to a university spokesperson interviewed by local TV station WTNH, Sacred Heart collected information on "prospective students" from job fairs and testing services, among others.
Connecticut Attorney General Richard Blumenthal told WTNH that his office would be opening an investigation of its own, particularly into the reasons why Sacred Heart was collecting data from unaffiliated individuals.
Blumenthal is also leading a crackdown on the hugely popular MySpace.com Web community, asking that the site provide blocking software to prevent minors from viewing pornography posted on the site, and preventing children under 16 from being able to join.
Universities Targeted
The Sacred Heart breach is the latest in a series of data breaches and hacks of university computer systems.
In March 2006, a Georgetown University network server containing data on 40,000 Washington D.C. residents was hacked, exposing the names, addresses, and Social Security numbers to identity thieves.
Ohio University suffered a series of data breaches over the last few months, culminating in the theft of medical and personal information on 60,000 students from one of its health centers.
Bill Sams, Ohio University's chief information officer, recently revealed that the information had been in hackers' hands for nearly a year before its loss had been detected.
Security research analyst Avivah Litan told CNet News that the Ohio University breach demonstrated that colleges and universities don't take personal data security as seriously as they should, given the amount and type of information they collect.
