Kirkwood Community College’s Website was hacked on March 13th, exposing 125,000 social security numbers of people who applied during an 8 year period. I can imagine notification on this population would be a nightmare, a large, highly mobile population.
The college, which announced the unlawful incident on Monday, said archived application information from February 2005 until March 13, 2013, may have included applicant names, birth dates, race, contact information and Social Security numbers.
No financial information was stored in the system.
This collegeg data breach comes after a great interview with the Chief Risk Officer of University of California, Grace Crickette, wherein she talks about the risks towards PII/PHI that are unique to the university.
Q: What PII/PHI risks are unique to universities as opposed to other organizations?
The University of California, like other institutions of higher education, is subject to a variety of unique exposures related to information security and privacy. With ten campuses and five medical centers, the University is faced with managing a multitude of systems and endless records of information for alumni, students, staff,and medical patients. Our population is constantly changing, community members interface with our systems with a variety of personal mobile devices, and a significant portion of our population consists of young people who are active on social media and may not have a strong awareness of data privacy risks. We are subject to financial, medical, and educational privacy regulations, so there are compliance risks, and reputational damage is also a critical risk for universities.
You can read the full article about the Kirkwood security breach here: Hackers access Kirkwood Community College Web site
You can read the full interview with Grace here: Privacy and the University: Managing to the Mission