Security software vendor McAfee kicked off National Protect Your Identity Week by warning consumers that colleges and universities are the most dangerous places to leave or use their social security numbers, making them more likely to become victims of identity theft.

According to McAfee (NYSE: MFE) consultant and identity theft expert Robert Siciliano, between January 2009 and October 2010, more than 108 data breaches that exposed people's social security numbers took place at major U.S. colleges and universities, more than any other private or public sector industry.


This epidemic of security attacks on colleges around the country is costing consumers, universities and businesses hundreds of millions of dollars a year and making life much easier for cybercrime syndicates looking for large pools of personal information to loot bank accounts and make unauthorized purchases online.

Just this week, officials at the University of North Florida warned more than 106,000 students and applicants that a foreign-based hacker had cracked into a university server and accessed tens of thousands of social security numbers, names and other personally identifying information (PII).

Colleges and universities were even more dangerous -- that is, more likely to expose a person's SSN -- than banking and financial institutions (96 breaches) in this time period. Hospitals, which in recent months have been subject to stiff fines and greater regulation and supervision from state governments, checked in third on the list with 71 SSN-divulging incidents.

"For the past 70 years, the social security number has become our de facto national ID," Siciliano said in the report. "But functionality creep, which occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform, soon took effect." Identity Protection2.jpg

"You’re forced to disclose your social security number regularly, and it appears in hundreds or even thousands of files, records, and databases, accessible to an untold number of people," he added. "Anyone who does access your social security number can use it to impersonate you in a hospital, bank, or just about anywhere else."

More troubling, according to security research and consulting firm Javelin's 2010 Identity Fraud Survey Report, more than 32 percent of all identity theft victims were looted because cybercrooks got their hands on their social security numbers.

Siciliano researched significant data breaches involving purloined SSNs published by the Identity Theft Resource Center, Privacy Rights Clearinghouse and the Open Security Foundation to create the Top 10 list.

Checking in at No. 4 were state governments followed by local governments and federal governments (No. 6).

Rounding out the Top 10 most dangerous places to use your social security number were medical businesses, non-profit organizations, technology companies (No. 9) and insurance companies.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Follow eSecurityPlanet on Twitter @eSecurityP.