Let Us Help You

Have you had a data breach?

If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at databreachinfo@experian.com or call 1 866 751 1323.


How hackers find their targets

Take an inside look at a hacker in action on how they select their victims. Learn the steps that company can take to reduce the threat.

Academia’s Ivory Towers Aren't Immune to Data Breaches

With autumn in the air, millions of students are marching back to school and – on university campuses especially – millions of computer keyboards are humming back to life.

Listen closely and you can hear the echo of cyber thieves stalking millions of easy, new prey.

Amidst the roiling concern of corporate and financial giants falling victim to fraudsters, less attention is paid to the problem of data breaches within higher educational institutions.  Yet according to the independent website DatalossDB.org, this epidemic within the seemingly safe bubble of academia accounts for roughly one out of every four data security breaches, ranking as the number two market experiencing data breaches – right after the financial sector.

Why are universities so vulnerable? According to a 2010 report by Application Security, higher educational institutions typically suffer from a variety of security weaknesses that make them particularly attractive targets for malicious hackers:

  • Appealing data. University databases are treasure troves of personally identifiable information (PII), including names, addresses, social security numbers, credit card information, financial information, and healthcare information, all of which can translate into lucrative rewards on the cyber black market.
  • Fluid populations. High-volume and ever-shifting student bodies, as well as the enormous staff required to run these institutions, means that new streams of personal data are always available and controlling user rights and access to data is always challenging.  Further, students often bring unencrypted laptops with little or outdated security software to campus and use these computers in ways that enable easy access for hackers.   
  • Open systems. The typically transparent and open access nature of university systems, so necessary to foster a free exchange of ideas and information, contradicts the need to keep sensitive data tightly secure, resulting in increased exposure to cyber attacks.  And the nature of university life is such that students and professors often log in and out of public computers, leaving accounts open and data insecure.
  • Tight budgets.  Higher educational institutions are often cash-strapped and resource-limited; last year, only 50 percent of universities increased their IT security budgets, despite increasing attacks.  IT departments commonly suffer from limited budgets across the board, disparate and sometimes unsupported legacy systems, and confusion with other IT departments amongst different colleges within the same university.  Further, IT support is often recruited from within the student body, resulting in less experienced technical staff with high turnover.  Finally, some speculate that as staffs are downsized amidst the economic downturn, former disgruntled employees can become tempted to cash in on their access to valuable databases.

The security weaknesses within universities are varied, so the solutions to widespread data breaches aren’t simple. The increased regulations requiring universities – like any other business – to be compliant with steps to mitigate data breaches helps, but compliance doesn’t automatically translate into security.  Higher educational institutions must continually bolster their data breach defenses through every means at their disposal, with constant evaluations and updates from security professionals who make it their business to keep cyber thieves at bay.  After all, ivory towers may seem sturdy, but malicious keystrokes are the modern-day equivalent of flaming arrows, and these days the best cyber defense is a powerful security offense.

Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.