As part of March Madness fun, TeamShatter, the research arm for Application Security, pulled together information on some of the biggest data breaches affecting higher education in 2010. While overall No. 1 pick Ohio State University fell short of making the Final Four for the NCAA basketball tournament, the university was included in the Final Four for TeamShatter's Higher-Ed Breach Madness. In fact, it was the largest data breach in 2010, with more than four times the number of compromised records than the second largest breach, at Georgia's Valdosta State University. Data breaches can mean many things, including hackers attacking university servers, lost or stolen laptops, built-in search capabilities on the database and misplaced files. Not being current faculty, student or staff doesn't protect you if you have ever worked or attended some of these schools. Some of these breaches went as far back as 1987 and included information for contractors, prospective applicants, parents and even donors. When an attacker can compromise a university database, it's one-stop shopping for health records, credit card data and Social Security numbers. So far in 2011, there have been 14 reported breaches amongst higher education institutions, and the leader thus far is the University of South Carolina, with 31,000 records compromised. Below, eWEEK highlights the "Sweet Sixteen" of higher education institutions who suffered a data breach in 2010.
of
Ohio State University
Date: Dec. 15, 2010 Number of compromised records: 750,000 Unauthorized individuals logged into an OSU server and had access to names, Social Security numbers, dates of birth and addresses of current and former students, faculty, staff, consultants and contractors.
Valdosta State University
Date: Dec. 15, 2010 Number of compromised records: 170,000 A Valdosta State server was breached around Nov. 11 and exposed grades and Social Security numbers of up to 170,000 students and faculty.
University of North Florida
Date: Oct. 15, 2010 Number of compromised records: 106,884 A hacker from outside of the country accessed application information and may have obtained names, ACT and SAT standardized test scores, dates of birth, and Social Security numbers. While 106,884 records were compromised in total, the university said 52,853 records actually contained personal identifying information.
Buena Vista University
Date: July 16, 2010 Number of compromised records: 93,000 An unauthorized intruder got into a BVU database containing names, Social Security numbers and drivers' license numbers of anyone who'd ever applied to BVU as well as current and former students, parents, current and former faculty, staff, alumni, and donors since 1987.
University of Missouri System
Date: Jan. 21, 2010 Number of compromised records: 75,000 When the university mailed out IRS form 1098-T to students with information about tuition billed and paid, some of the letters were folded in a way that the Social Security number was visible through the envelope's clear address window.
Stony Brook University
Date: Dec. 19, 2010 Number of compromised records: 61,001 A PDF or Excel file containing student and faculty network IDs were available for download from a publicly accessible Website. A flaw allowed a student to change students' passwords without knowing the original one and then posted the list online.
University of Wisconsin - Madison
Date: Dec. 10, 2010 Number of compromised records: 60,000 Hackers broke in and stole files containing photo IDs of former students enrolled prior to 2008. The images had student Social Security numbers embedded along with student names.
University of Hawaii
Date: July 7, 2010 Number of compromised records: 53,000 More than 40,000 Social Security numbers and 200 credit card numbers were exposed when the computer served by the campus parking office was breached.
Messiah College
Date: Nov. 16, 2010 Number of compromised records: 43,000 An external hard drive belonging to the financial aid department containing information on current, former and prospective students and their parents was lost or stolen. The hard drive contained names, Social Security numbers, dates of birth and transcripts and spanned from 1994 to 2010. Luckily, the drive was later recovered, and it is unlikely that anyone accessed the information while it was missing.
Pennsylvania State University
Date: June 3, 2010 Number of compromised records: 40,806 A server belonging to Penn State's Outreach Market Research and Data office was communicating with a botnet C&C. The database on the server contained Social Security numbers and other personal information.
University of Hawaii - West Oahu
Date: Oct. 29, 2010 Number of compromised records: 40,101 Unencrypted files on the faculty Web server contained student names, Social Security numbers, birth dates, addresses and academic information of former students from 1988 to 1994.
Oregon State University
Date: July 14, 2010 Number of compromised records: 34,000 A virus infected a computer containing personal information and Social Security numbers of current and former employees from 1999 to 2005.
University of Texas - Arlington
Date: July 24, 2010 Number of compromised records: 27,000 There were four separate attacks on a file server containing student health center prescription records from 2000 to June 21, 2010. Of the compromised records, 2,048 had personal identifying information included.
Thomas Jefferson University Hospitals
Date: July 23, 2010 Number of compromised records: 21,000 A password-protected laptop containing protected health records, health insurance data and personal health information was stolen.
Florida International University
Date: June 23, 2010 Number of compromised records: 19,495 Personal data was exposed over the Internet via a database's search function, including grades and Social Security numbers.
University of Texas - El Paso
Date: Feb. 6, 2010 Number of compromised records: 15,000 When the university mailed out tax forms to students, some of the letters were folded in a way that the Social Security number was visible through the envelope's clear address window.
The Brackets
TeamShatter analyzed 57 higher education breaches reported in 2010 and came up with a March Madness-style bracket to visually represent schools that have somehow compromised personal information belonging to student, faculty and staff.
Windows Azure is a public cloud platform for building, hosting and scaling applications. Try Windows Azure free for 90 days and get 20GB outbound and unlimited inbound data transfer.
IT Security & Network Security News & Reviews News & Reviews 
Cloud Data Backup Now Makes Sense for SMBs: 10 Reasons Why 
HP, Lenovo, Asus Laptops, Desktops Offer Consumer Style for Busin[..]
Microsoft`s F#: 10 Reasons Why It`s a Hot Programming Language fo[..]
Data Center Efficiency: 10 Tips to Boost Productivity, Reduce Pow[..]
iPhone Apps to Kick Off the 2012 Summer Season 
Email Security: 10 Steps for Dealing With Dangerous Messages
See All Slideshows
As part of March Madness fun, TeamShatter, the research arm for Application Security, pulled together information on some of the biggest data breaches affecting higher education in 2010. While overall No. 1 pick Ohio State University fell short of making the Final Four for the NCAA basketball tournament, the university was included in the Final Four for TeamShatter's Higher-Ed Breach Madness. In fact, it was the largest data breach in 2010, with more than four times the number of compromised records than the second largest breach, at Georgia's Valdosta State University. Data breaches can mean many things, including hackers attacking university servers, lost or stolen laptops, built-in search capabilities on the database and misplaced files. Not being current faculty, student or staff doesn't protect you if you have ever worked or attended some of these schools. Some of these breaches went as far back as 1987 and included information for contractors, prospective applicants, parents and even donors. When an attacker can compromise a university database, it's one-stop shopping for health records, credit card data and Social Security numbers. So far in 2011, there have been 14 reported breaches amongst higher education institutions, and the leader thus far is the University of South Carolina, with 31,000 records compromised. Below, eWEEK highlights the "Sweet Sixteen" of higher education institutions who suffered a data breach in 2010.