Category Archives: Security

by

Hackers May Have Obtained Data on 163,000 at Butler U.

Butler University has joined a growing list of higher-education institutions hit by data thieves.

Butler’s president, James M. Danko, said in a letter to those who may have been affected that personal information on as many as 163,000 students, alumni, employees, and even potential applicants might have been obtained by hackers, according to The Indianapolis Star. The data breach was discovered in late May, when a flash drive containing information about some Butler employees turned up in Califo…

by

QuickWire: Another Higher-Ed Data Breach, This Time at a University Press

Duke University Press alerted users on Tuesday that its website had suffered a “security incident.” In an email blast to people with site accounts, the publisher said that usernames and encrypted passwords had been exposed as a result of the breach but that no financial information had been compromised.

According to a spokeswoman, the press learned of the breach on May 29 and had been working with the university’s Office of Information Technology in the weeks since then to gauge the extent of …

by

Emailed in Error, UVa Law School’s Student GPA Spreadsheet Spreads Fast

Think of it as an unintended ethics test for future lawyers.

The administrator at the University of Virginia’s School of Law who oversees the school’s judicial-clerkship program, Ruth Payne, accidentally sent the wrong document on Wednesday to an email list for students seeking clerkships. Instead of details about how to get hired in Maryland, she attached a spreadsheet with details about all 155 students currently seeking clerkships. The spreadsheet included each student’s grade-point average, …

by

Hazards of the Cloud: Data-Storage Service’s Crash Sets Back Researchers

Dedoose, a cloud-based application for managing research data, suffered a “devastating” technical failure last week that caused academics across the country to lose large amounts of research work, some of which may be gone for good.

SocioCultural Research Consultants, the company that sells Dedoose, is still scrambling to recover as much of its customers’ work as possible, and has said in a blog post that “the vast majority” of research data on its platform were not affected.

The crash nonethele…

by

QuickWire: Lawsuit Is Filed in Arizona Data-Breach Case

A lawsuit has been filed against the Maricopa County Community College District, in Arizona, over a data breach that exposed the personal information of 2.4 million people dating back three decades.

The lawsuit, which seeks class-action status, alleges that college officials failed to protect personal information by not mitigating a data breach in 2011, which then gave way to a more significant breach in 2013. The suit, which seeks $2,500 in damages for each potential plaintiff, was first report…

by

Data Breach at Iowa State U. Exposes Nearly 30,000 Social Security Numbers

The Social Security numbers of 29,780 students have been exposed in a data breach at Iowa State University, officials announced on Tuesday.

The university’s information-technology staff discovered a breach that affected five departmental servers containing information on students enrolled from 1995 to 2012. The servers also contained university ID numbers for 18,949 students.

University officials don’t believe the students’ personal information was the target of the attack. Rather, they said, th…

by

The ‘Heartbleed’ Bug and How Internet Users Can Protect Themselves

Security professionals working in higher education are updating servers, reissuing certificates used to guarantee secure Internet transactions, and encouraging students and faculty and staff members to take a break from the commercial Internet following the discovery of a programming flaw in a widely used Internet tool.

Dubbed “Heartbleed,” the Internet-security breakdown cuts across industries and has raised anew questions about the vulnerability of proprietary data and personal information sh…

by

QuickWire: Contractor Says He Hacked Maryland Network to Expose Flaws

A former employee of a University of Maryland contractor has told The Baltimore Sun that he breached the university’s network in an effort to highlight cybersecurity flaws that he said were being ignored.

The employee, David Helkowski, was with a company hired to work on a university website when, he said, he noticed and reported security flaws. When no action was taken to correct them, he said, he took administrators’ information, including President Wallace D. Loh’s Social Security and cellpho…

by

Google Blocks U. of Illinois at Chicago From Emailing Its Own Students

The University of Illinois at Chicago recently found itself living a modern nightmare: Google’s automated cybersecurity regime mistook the university as the culprit in a spam attack on the university’s students and began blocking university email accounts from sending messages to Gmail users.

The blocking went on for more than two weeks, and the affected Gmail users included 13,000 of the university’s own students. University officials describe those two weeks as a Kafkaesque state of limbo.

On …

by

Harvard U. Committee Proposes Standards for Email Searches

In the wake of a 2013 ruckus that cost a top Harvard University dean her job, a committee appointed by Harvard’s president has recommended that the university adopt institutionwide standards for gaining access to email and other accounts used by students, faculty members, and employees.

“At present, the university lacks a clear, overarching policy in this area,” says the committee’s report. “The absence of a single, visible, and comprehensive policy has led to confusion and uncertainty.”

The com…