Complain about a product or service

Ohio University: Data Breach Central?

By Martin H. Bosworth
ConsumerAffairs.com

May 15, 2006

Data Theft • Bank Data Breach Affects 12.5 Million Consumers • Data Breaches Exceed 2007 Record • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

The news that hackers gained access to the medical data of thousands of Ohio University students, due to a security breach at the university's Hudson Health Center, was only the latest in a series of attacks that have plagued the college since late April.

The Hudson Health Center data contained identifying information on 60,000 students, including Social Security and personal identifier numbers, addresses, and data on medical treatments.

The Health Center breach followed an attack on a network server containing data on 300,000 Ohio University alumni and donors, including 137,000 Social Security numbers.

And on April 21st, the university's Innovation Center was hacked, leading to the exposure of intellectual property files, e-mails, and Social Security numbers, according to the university's press statement.

Bill Sams, chief information officer for Ohio University, told the Columbus Dispatch that the information was coded in such a way that medical records and personal identifiers could not be immediately matched, reducing the risk to affected individuals.

Sams claimed that the university "had a 20-person team, working seven days a week" to perform a security audit on the Ohio University network and servers.

No information was available indicating that the breaches were the work of the same group of hackers.

The Department of Health and Human Services stated it would investigate to verify if federal privacy laws governing the collection of personal data and medical records were violated.

The university had announced in late 2005 that it would stop using Social Security Numbers (SSNs) for personal identification, and was updating its systems to use unique ID numbers instead.

The Ohio University breaches were the latest in a trend of identity thefts and data losses targeting universities in recent months. In March, a hacker ring broke into servers hosted by Georgetown University, and stole data on 40,000 residents provided by the city's Office on Aging.

And in one of the many instances of laptop thefts leading to security breaches, a Vermont State College employee's laptop was stolen from his car during a Montreal vacation. The laptop contained data on 20,000 students, faculty, and retired members of the Vermont State College system.

Both houses of Congress are currently considering legislation that would restrict the usage and storage of SSNs in order to stem the tide of potential fraud and identity theft that can result from their misuse.

Rep. Ed Markey (D-MA) has introduced two pieces of legislation designed to place data brokers such as ChoicePoint under the jurisdiction of the Federal Trade Commission (FTC), and to limit the sale and purchase of SSNs, except in specific circumstances.

Under Markey's "Social Security Number Protection Act," only law enforcement and public health agencies would be able to collect and store SSNs. The sale or purchase of SSNs would otherwise be criminalized.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |