Universities Produce Paydirt for Criminal Hackers

Monday, December 13, 2010



Criminal hackers have found Universities to be a prime target in their efforts to amass confidential details that can be employed in identity theft rackets.

According to a report by security researchers at AppSec, 2.3 million records have been illegally accessed at 158 institutions of higher education in the United Sates since 2008.

AppSec's vice-president of product management Josh Shaul says, "When an attacker gets access to university databases, it's like hitting the jackpot."

University databases contain a wide variety of personally identifiable information (PII), from social security numbers and financial information to health records. Higher education institutions also have great deal of account turnover, unlike corporations.

"A university or college could be housing potentially billions of PII," Shaul stated.

The FCC indicates that identity theft has become the number one consumer complaint, with over one million new victims yearly.

Universities and colleges tend to be under extreme financial pressures, and data loss prevention efforts can be an expensive proposition. Many instituions do not aggressively mitigate risks until after a significant data loss event has occured, and hackers have take note of the low hanging fruit.

"One of the first and easiest steps is to ensure that the database systems have complex passwords in place and that default account logins and blank passwords have been replaced," Shaul says.

Source:  http://www.universityworldnews.com/article.php?story=20101208202734901

Possibly Related Articles:
Data Loss breaches Identity Theft Cyber Crime Headlines Hacker Higher Education Personally Identifiable Information
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.