Just a week after Ohio U.‘s president told a packed room at The Chronicle’s Technology Forum in Tampa that the university’s days of sloppy IT security were over, the student newspaper has reported another lapse: 25,000 photos of students were on a freely available Web server, with no password protection.
The photos appeared to be head shots of students taken for their university identification cards, the paper, The Post, reported. They were on a Web site used by the university’s resident assistants. The site was available to anyone who knew the precise Web address to type into a browser.
No other data were associated with the photos, and within hours of being notified of the lapse by the newspaper, the university restricted access to the images. It does not appear that anyone’s privacy was compromised. But in these situations one can never be sure. And leaving these images open to the public might be a violation of the Family Educational Rights and Privacy Act, a federal law.
Ohio U. made national headlines in 2006 after hackers broke into the institution’s computer network several times, exposing thousands of private alumni records. Roderick J. McDavis, the university’s president, told the Technology Forum crowd on February 26 that Ohio U. had shored up its IT department and network systems, spending $2-million so far, with plans to spend $8-million altogether.
But apparently there are still a few holes to be patched. “This is a perfect example of where there was one layer that was not as pat as we would want it to be,” Brice Bible, the university’s chief information officer, told the newspaper.—Josh Fischman
Developing online and blended learning programs requires research and collaboration. Learn how top technology companies are partnering with campuses across the country to advance online learning as it becomes an increasingly important aspect of higher education.