Stemming the Tide of ID Theft at Institutions of Higher Education

Limiting the types of vendors allowed to operate on campus and appropriate database management can help to keep student, faculty and staff data secure.
Published: July 18, 2011

Attending college is a personal milestone and an intellectual achievement, but it can also be an unexpected lesson in the harsh reality of identity theft. The nation’s higher education campuses are an inviting target for thieves. The easy availability of crucial information – from Social Security numbers to credit card data to private mailing addresses – leaves students and faculty vulnerable. Include E-mail correspondence and non-secure wireless Internet connections, and the risk increases.

ID theft can erase a person’s very existence — he or she is now the property of a thief — leaving the victim as the accused wrongdoer with every creditor or employer for years to come. The special nature of campus life makes this issue a public safety priority, requiring greater civic awareness and practical steps to avoid this crisis.

3rd Parties Encourage Disclosure of Sensitive Data

Fixing this problem starts by acknowledging the way third-party companies “invade” most college and university campuses. A variety of actors — including banks, booksellers, building owners and retailers — establish makeshift kiosks, where they bombard students with promotions for loans or off-campus housing or other too-good-to-be-true deals.

The problem with this situation, aside from the way it commercializes an academic setting, is the potential security breach that accompanies the disclosure of sensitive personal information. For example, a simple application for a credit card includes an individual’s driver’s license, Social Security number, mother’s maiden name, home mailing address and private telephone number.

Keep an Eye on Your Campus Databases

University databases are also a prime target of cybercriminals. According to a recent report by Application Security Inc., there have been 158 data breaches that have compromised more than 2.3 million records at America’s colleges and universities. These databases are a veritable goldmine for criminals, containing valuable personally identifying information (PII) of students, faculty, alumni and staff. Information on these databases includes credit card and Social Security numbers, dates of birth, addresses and healthcare records. The lack of a comprehensive plan to prevent or repair data breaches of this magnitude is unacceptable.

Even the Educational Credit Management Corp., a company that guarantees federal student loans, is a victim in this fight. In 2010, thieves stole the names, addresses, Social Security numbers and dates of birth of 3.3 million students.

In response to these thefts, Justin Hamilton, a spokesman for the U.S. Department of Education, argues that protecting student privacy is a top priority. But managing student privacy is a difficult goal, particularly when assigned to different agencies with conflicting agendas.

ID Theft Victims Have a Hard Time Recovering

The loss or misuse of that material can ruin a person’s life. For the victim, the financial consequences of these crimes are, while undeniably stressful, secondary to the time and effort required to correct every misconception that may forever scar a person’s record. An arrest or conviction stops the perpetrator, yes, but it does little to convince a prospective employer that this newly minted college graduate is not, in fact, unreliable or a credit risk.

College professors and administrators are not immune to this challenge, either. In fact, professors may be especially vulnerable to an attack since so much of their personal information is open to the public.

For example, a professor’s entire work history — everything from his contact information to curriculum vitae to references — is often part of the public domain. All of this material, including the names of spouses and children, is easy to uncover.

A quick review of the faculty page at one of the nation’s top law schools proves this point. The assistant dean’s CV, which is available online, reveals the ages and occupations of his son and daughter, his wife’s place of employment and the family’s home address. An enterprising thief could quickly use this data to commit a series of crimes, while this professor, who also happens to be a former partner at a major law firm, continues to lecture about privacy and the Constitution.

Wireless Networks, Cell Phones Also Pose Challenges

These challenges are phenomena within our analog lives. Things get worse when we enter the digital world. There is some measure of control within the physical limits of a college or university campus. Administrators and police can regulate which, if any, vendors solicit business, or the manner in which officials collect information from students. But those rules dissolve when undergraduates freely access wireless Internet networks, send text messages, run their own Web sites and circulate personal data with abandon.

Strategy & Planning Series