The University of North Florida this week is embarking on the embarrassing, but necessary, process of notifying more than 106,000 students and applicants that someone managed to hack into a sensitive file housed on one of the university’s servers, exposing their social security numbers and other personal information.
In a security advisory posted on the Jacksonville, Fla.-based school’s website, university officials said an authorized person outside of the U.S. managed to access a recruitment file sometime between Sept. 24 and Sept. 29.
The compromised data included all types of information provided by applicants to the university between 2007 and 2010, including social security numbers, names, dates of birth and, in some cases, student’s SAT and ACT scores.
The university’s on-campus police department is working with the FBI to investigate how the server was infiltrated, if other files were compromised and how many times the file was accessed during the breach. It’s also exploring new security technologies and policies in order to prevent future data security incidents.
“UNF is constantly reviewing and updating information technology security systems and procedures,” the university said in the advisory. “However, security technology is constantly changing, which means cyberspace intruders are finding new ways to compromise systems.”
“As new security features become available and we become aware of new attack modes, we will continue to take steps to prevent this type of activity,” it added.
Data breaches at institutions of higher learning have become all too common in the past two years because cybercrooks are attracted?to the vast pools of data available on university systems and the comparatively lax security technologies and procedures that are supposed to be safeguarding student, faculty and employee data.
According to security software vendor Application Security Inc., more than 2.3 million files have been breached at U.S. colleges and universities since 2008 in 160-plus separate attacks.
“This breach at the University of North Florida is one of the larger higher educational breaches we’ve seen,” Josh Shaul, vice president of product management at Application Security Inc., told InternetNews.com. “We have been seeing a significant uptick in the amount of higher education breaches being reported in the past few years.”
Shaul said that according to data security researcher and consultant the Ponemon Institute, University of North Florida officials could expect this breach to cost an average of $204 per record exposed, or more than $20 million in total.
Universities and colleges now rank only behind financial services firms as the most targeted industry for cybercrime and identity theft.
Just last month, tens of thousands of students at Rice University and the City College of New York were victimized by data breaches that put their most sensitive data at risk.
University of North Florida officials are advising anyone who applied to enroll at the school between 2007 and 2010 to keep a close eye on their credit reports and banking information and have set up a telephone hotline and email address to answer any questions and provide updates on the breach investigation.
Follow eSecurityPlanet on Twitter @eSecurityP.