Two new incidents of data loss and hacking at a university and a student loan center are the latest indicators of the poor state of data security in higher education.
Northwestern University reported on June 14th that hackers had gained access to a set of computers containing personal information on 17,000 student applicants, located in the school's Office of Admission and Financial Aid.
The information included names, addresses, and Social Security numbers. Although the university claimed there was no evidence that the data was misused, they sent out notifications to applicants nonetheless.
The breach apparently occurred after the computers had desktop application software installed to enable tech support to fix problems remotely.
On July 17th, student loan company Nelnet reported that a data tape containing information on 188,000 borrowers had gone missing while in the possession of United Parcel Service (UPS). The data involved loans serviced by Nelnet that previously belonged to the College Access Network, dating between November 1, 2002, and May 31st, 2006.
In a public statement notifying borrowers of the loss, Nelnet claimed UPS had not "lost control of the package," but was nevertheless unable to find it.
Nelnet's chief information officer, Ray Ciarvella, claimed the tapes required "sophisticated data-mapping equipment" to utilize, and that the process used to create them was "no longer employed."
Neither Nelnet or UPS explained how the data tapes could be missing and in UPS' control simultaneously, or why such a sophisticated system for storing data was being phased out.
The Nelnet and Northwestern incidents are the latest in a series of data breaches and hacks plaguing the collegiate world. Ohio University was the center of a series of high-profile data breaches, which led to the resignation of its chief information officer.
Sacred Heart University, located in Fairfield, CT, suffered its own data breach embarrassment when a server containing data on 135,000 students, employees, and "prospective" applicants was hacked.
Student loan company Texas Guaranteed lost control of data belonging to 10 percent of its borrowers, when it was downloaded onto a mobile storage device by an employee of third-party contractor Hummingbird, and then misplaced.
And a laptop containing data on 28,000 students and faculty in the Vermont State College system was allegedly stolen from an employee's car while the employee vacationed in Montreal.
