Wired Campus icon


Maryland System Leaders Try to Reverse Ruling That Blocked Online Program


Wanna Make an App for That? Stanford U. Streams iPhone Development Course

January 12, 2010, 03:00 PM ET

Educational Data Breaches Declined Last Year, Report Says

The number of data breaches at educational institutions last year was slightly lower than each of the previous two years, according to a report released Monday by the Identity Theft Resource Center.

The report, which attempts to summarize all reported data breaches for 2009, shows that about 16 percent of them happend in the educational sector, while 41 percent took place at businesses and 18 percent occurred at government or military facilities.

Hacking was the most common type of data breach, just ahead of accidental exposure of information, and "data on the move," according to the report. That last kind of incident was particular troubling to Linda Foley, a founder of the center, who defined the category as theft or misplacement of mobile devices, such as laptops and jump drives, that contain confidential information. She said that most instances occurred when a professor took home a laptop that was subsequently stolen or lost.

Because there is no way to guarantee that people and institutions will report data breaches, it is nearly impossible to get an accurate count of how many instances occur in any year. The center's 2009 report analyzes the 498 cases that were reported, but it acknowledges that that number is probably lower than the actual number of data breaches in 2009.

“This is what we know, and this is what we have analyzed based on the information we know,” Ms. Foley said.  

The report shows that of the 498 reported cases, paper breaches account for 26 percent, an increase of 46 percent from 2008. It also shows that malicious attacks have surpassed human error for the first time in three years.

Adam Dodge, who tracks security breaches at colleges on his blog, said that he has also noticed that the gap is shrinking between the number of malicious attacks and human error.

“We’re not sure if it is that these malicious attacks are growing or that the number of employee-related mistakes are shrinking,” said Mr. Dodge, who is assistant director for information security at Eastern Illinois University (though he says his work on the report is not connected with his role there).


1. lee77 - January 13, 2010 at 09:19 am

The title of this article failed to reflect the emphasis that Identity Theft Resource Center made - namely the number of REPORTED breaches is falling... as the large breaches get larger (e..g Heartland), and smaller ones more common, the media is reporting fewer. And not all states with data breach laws have the data about breaches in a common/publicly available form. There is every reason to believe that awareness of breaches has continued to increase, if only because more states have breach laws, and people are more sensitive to situations that in the past were ignored. The good news is the most of the accidental breaches don't result in personal identity theft, and most hackers aren't targeting higher ed for individual financial credentials.

Add Your Comment

Commenting is closed.