The Social Security numbers, grades, and other personal identity information of over 40,000 former University of Hawaii students were posted online. The information was removed earlier this week, after almost 12 months online. The University apologized and explained that a faculty member doing a study on student success rates believed the information was being held on a secure server. It was not.
Apparently this was the third such breach that the University has suffered from in the past year. Each incident has increased student concern, and the university promises to beef up network security. It is beginning to look like these are promises that they have little intention of keeping. If the University were serious, they would immediately implement a data privacy awareness program to train staff and students on protecting private and sensitive information. There is no indication beyond empty press releases that they have begun taking even this most basic step.
U of H contends that there is no evidence that the information had been stolen or misused to date. That, however, is highly unlikely. Many times, identity thieves will wait until the dust has settled from such a breach to begin using the information for financial gain. The university has advised anyone who may have been affected to obtain and review their credit report for any signs of fraud. Again, if the university were serious, it would be providing free credit monitoring to those affected.
In 2002, the University phased out the use of Social Security Numbers to identify students. However, for students who attended the University prior to 2002, Social Security numbers are still used to identify those students. As you can imagine, it is difficult to contact affected students long after they have graduated, making the University’s task even more difficult.
To learn more about how to recover your stolen identity, check our our Identity Theft Prevention and Recovery workbook.