Auburn University is the latest university to announce a data breach, with the names, physical addresses, birthdays, Social Security numbers, and academic information of 364,012 people made openly accessible online from September 2014 until March 2, 2015.
According to university spokesman Mike Clardy, the incident occurred when the university was replacing a broken server. The data was placed on another device, which was accidentally left accessible to anyone online. The university discovered the mistake on March 2 and immediately unplugged the machine.
What’s worse (if there is such a thing in this kind of situation) is that the compromised data wasn’t just from students of Auburn University, but also from students around the country who had never attended or even applied to the university.
It’s quite common for universities to look for suitable candidates by obtaining personal and academic data on students, but it’s unclear why Auburn kept that data.
Keeping confidential information secure
It looks like universities across America have had a tough time keeping personal data secure in the past 12 months:
- University of Maryland exposed 300,000 students’ and employees’ SSNs and more.
- North Dakota University lost data on 300,000 students to hackers.
- Butler University lost 200,000 students’ records to hackers.
- Indiana University exposed information on 146,000 students.
What makes things difficult is that universities are made up of such large and complex networks and systems that implementing security controls is a massive undertaking.
ISO 27001, the information security management system standard, consolidates diverse regulatory requirements (e.g. FERPA, HIPAA, PII, PCI) into a single management system. This streamlines much of the work of adhering to complex requirements that often overlap significantly.
For universities looking to secure their systems with an internationally recognized standard, there are a number of ISO 27001 fixed-price packaged solutions that offer different degrees of tools, resources, and support depending on your organization’s needs.