Colleges and universities across the
country may be making it much easier for hackers to steal sensitive information
from students and their parents, according to research done by Halock Security
Labs.
A survey of 162 institutions found
that more than half of colleges and universities transmit sensitive information
over unencrypted channels, including financial statements. In addition, one
fourth of the schools said they ask that personal information be sent by e-mail.
“When universities utilize unencrypted
e-mails as a method for submitting W2s and other sensitive documents, the
information and attachments are transmitted as clear text over the Internet,”
Terry Kurzynski, partner at Halock Security Labs, told eCampus News. “This format is susceptible to hackers and
criminals who can use this private information for identity theft.”
The report said the open culture of
higher education and budget issues facing colleges leave IT departments without
the funds to protect student information. It said campus administrations may
not completely understand the dangers of sending the information over
unencrypted channels, but should since the issue could draw the attention of
federal and state government agencies.
“These are foreseeable risks that are
extremely treatable,” Kurzynski said. “Breaches resulting from this type of
transmission will capture the attention of states’ attorneys general and the
Federal Trade Commission.”
