Human error and theft of property were the primary causes of information security breaches at universities worldwide last year, The Chronicle of Higher Education reported earlier this month.
The Educational Security Incidents Year in Review, a Web site that tracked news coverage of the incidents, found that of the 139 incidents reported in 2007, 53 were due to "unauthorized disclosure of sensitive material" or mistakes made by university personnel. This number had increased from 20 the previous year. The report did not involve AU.
Cathy Hubbs, the chief information security officer in the Office of Information Technology, said AU has been fortunate that it has experienced only minor incidents, such as stolen or misplaced laptops, Web site defacements or Web site intrusions.
"In regard to human error, we are starting educational efforts and audits to help direct human behavior," Hubbs said. "In regard to malicious attacks, we are implementing safeguards that can guard the gates to our electronic information."
Michael Johnson, a sophomore in the School of International Science, said he blamed inexperience at the administrative level for a lack of data security at universities.
"I don't feel that my information is safe," Johnson said. "I trust the IT people, but not the people like the poorly trained secretaries on campus."
In 2007, more than 100 universities reported almost twice as many computer-security incidents as occurred the previous year. The previous year, 65 colleges reported 83 security breaches.
The considerable increase in the number of incidents was not due to intentional hacking of on-campus computer networks, according to The Chronicle. That rate actually decreased to 30, down from 33 in 2006.
AU experienced its own information security breach in January when a student's tip led officials to remove multiple cardboard boxes, some of which contained papers with students' Social Security numbers on them, from a hallway in the McKinley Building, The Eagle previously reported.
William Shields, a junior in the School of International Service, said it always surprised him when students' personal information was compromised despite preventative efforts by the university.
"[AU] certainly can be doing more, especially if they are leaving boxes around," Shields said. "It's easy stuff that would make a world of difference."
The ESI report indicated that in 2007, 103 incidents had exposed a total of 1,085,708 Social Security numbers. That number was down from 2006, when 66 security breaches compromised more than 2 million numbers.
Property theft was the second most common cause of information loss at colleges, the report stated. This included theft of information or information resources, such as computers or storage devices, according to the report.
The most recent occurrence of computer data theft was at Georgetown University. The incident came to light only a few days after AU's incident. The culprit stole a hard drive containing personal data on 38,000 students and alumni.
Jay Palatucci, a junior in the College of Arts and Sciences, said he blamed a lack of oversight of certain administrative duties for recent problems at AU, specifically citing the scandal with former AU president Benjamin Ladner.
"We like to think that the university has our best interests at heart because we spend so much money to go here," Palatucci said. "With that comes a certain level of trust. While I'm disappointed with the lack of oversight, I can't say that I'm surprised"
