By TOM ZELLER Jr.
If the computer age is continually testing how well institutions
protect personal information, the nation's colleges and universities
may be earning a failing grade.
Last Monday, administrators at the University of California,
Berkeley, acknowledged that a computer laptop containing the names
and Social Security numbers of nearly 100,000 people - mostly
graduate school applicants - had been stolen. Just three days
earlier, Northwestern University reported that hackers who broke into
computers at the Kellogg School of Management there may have had
access to information on more than 21,000 students, faculty and
alumni. And one week before that, officials at California State
University, Chico, announced a breach that may have exposed personal
information on 59,000 current, former and prospective students.
There is no evidence that any of the compromised information has been
used to commit fraud. But at a time of rising concerns over breaches
at commercial data warehouses like ChoicePoint and LexisNexis, these
incidents seem to highlight the particular vulnerabilities of modern
universities, which are heavily networked, widely accessible and
brimming with sensitive data on millions of people.
Data collected by the Office of Privacy Protection in California, for
example, showed that universities and colleges accounted for about 28
percent of all security breaches in that state since 2003 - more than
any other group, including financial institutions.