Ohio University and Sacred Heart Screws Students
Huge data breaches at these universities have exposed well over a quarter million social security numbers and other personally identifiable info. This is what happens when you spend your tuition at schools that refuse to invest in proper information security practices, including monitoring for attacks and a strict official usage policy.
Both Universities are trying to lock the barn doors now that the horses have had their identities turned into mules.
From CNET Here for OU.edu:
An unprecedented string of electronic intrusions has prompted Ohio University to place at least one technician on paid administrative leave and begin a sweeping reorganization of the university’s computer services department.
Bill Sams, Ohio University’s chief information officer, said he initiated the reorganization on Friday. The Athens, Ohio-based university is reacting to recent discoveries that data thieves compromised at least three campus computer servers.
In a disclosure that hasn’t been widely reported, one of the compromised servers, which held Social Security numbers belonging to 137,000 people, was penetrated by U.S. and overseas-based hackers for at least a year and possibly much longer, Sams said in a phone interview Sunday with CNET News.com.
Ohio University only became aware that a problem existed after the FBI discovered someone had remotely taken control of one of the school’s servers.
Sacred Heart Screws its students and former students in this article here:
Sacred Heart University is the latest school to be victimized by hackers, according to a message posted on the school’s Web site.
The university said in the post that it discovered the intrusion on May 8, and notified police and the FBI, which have launched investigations. Sacred Heart offered no details on when the hackers may have entered the system or the kind of information that may have been exposed. School officials could not be reached.
But television news channel WTNH, reported on Thursday that the school has notified about 135,000 people that their personal information, including Social Security numbers, may have been compromised. Some of the people notified, according to WTNH’s report, have never been associated with Sacred Heart.
The news channel quoted an unnamed source who said that the school told him that his name, address and Social Security number were obtained by the university from information he provided when he took his college entrance exams eight years ago. The report didn’t say why Sacred Heart would collect such data, but schools often gather such information for recruiting purposes.
Video on the Sacred Heart Breach is Here.