In a time when internet security risks grow more prevalent by the day, it seems college students have more to worry about than exams and grade point averages – they now also have to worry about the security of their confidential information.

In 2006, over a dozen colleges and universities have had the privacy of their students, staff and faculty compromised by hackers, who were able to break into the school networks and gain access to personal records, including social security numbers, health records, payroll data, and other private information. In April 2006 alone, security attacks were carried out on University of Medicine and Dentistry of New Jersey (Newark, NJ), University of South Carolina (Columbia, SC), University of Alaska, Fairbanks (Fairbanks, AK), University of Texas' McCombs School of Business (Austin, TX), and Purdue University (West Lafayette, IN), as well as on the now notorious Ohio University in Athens, OH. Attacks carried out in May include security breaches once more at OU, plus attacks on The University of Delaware in Newark, DE; Sacred Heart University in Fairfield, CT; and Florida International University in Miami, FL. Most recently, Western Illinois University in Macomb, IL, was in June a victim of online hackers, who broke into a server containing names, addresses, credit card numbers and Social Security numbers of people connected to the school. In these attacks alone, the privacy of hundreds of thousands of people was violated due to insecure, easy-to-hack networks. In one of the Ohio University attacks, for example, hackers gained access to a computer system of the school's alumni relations department, which included biographical information and 137,000 Social Security numbers of OU alumni.

Though no current Ohio students were affected by that particular attack, the university discovered several other attacks had taken place, including a breach in the school’s office files, which contained e-mails, patent and intellectual property files, and Social Security numbers; and an attack on a Hudson Health Center system, which contained information such as date of birth, PID#, Social Security numbers and clinical information of current and past students, faculty, and staff. Additionally, in May, a breach was discovered to have occured on a computer containing 1099 tax files for vendors and independent contractors who had worked at the school. All the hacking incidents remain under investigation by law enforcement, and the university has established a call center to answer inquiries.

These attacks at Ohio University, along with previous attacks on schools such as UT McCombs, where nearly 200,000 students, faculty, staff, alumni, recruiters, and even prospective students had their biographical information accessed by strangers, illustrate the need for colleges to secure their networks and protect sensitive information. Not only those who once attended or were employed by an institution can be compromised – a system breach at the University of Notre Dame in January exposed Social Security numbers, check images, and credit card numbers of school donors, the information for whom was stored on a school server. The school did not disclose the number of donors affected by the breach.

In the event of a security breach, there are basic response steps colleges and universities should take to ensure proper follow-up is implemented:

1. Report the incident to college officials.
2. Find out how many people were affected, who was affected, and what information was accessed.
3. Report the incident to law enforcement if criminal activity is suspected.
4. Inform legal, executive and public relations contacts of the incident and coordinate statements for the media and the public.
5. Inform those affected by the breach of the incident and advise them of possible risks and solutions.
6. Be sure to repair the breached systems, secure the networks, and take other necessary precautions to prevent future attacks.

A comprehensive list of all major security breaches that occurred in 2005 and 2006, including those affecting colleges and universities, can be found at http://www.privacyrights.org/ar/ChronDataBreaches.htm.