Dark Reading
Protect The Business - Enable Access
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Schools Suffer One-Third of Total U.S. Data Breaches
New report reveals 12.4 million student and consumer profiles were compromised in 324 breaches at colleges, K-12 schools By Kelly Jackson HigginsAnd given that schools make up only about 0.6 percent of U.S. businesses and other organizations, that's a relatively disproportionate amount of breaches, says Joseph Campana, principal of J. Campana & Associates, which conducted the study (PDF).
Data from more than 12.4 million students, parents, faculty, and other consumers was exposed in 324 breaches, according to the report, which draws data from the Privacy Rights Clearinghouse. "Most of these breaches involved social security numbers or account numbers," Campana says. "If it was students and employees, it typically involved social security numbers. If it was parents, volunteers, or donors, it could be social security numbers or [credit card] account numbers."
More than one-third of the breaches were the result of lost, stolen, or missing computers, storage devices, magnetic tape, microfiche, and paper documents. Stolen or missing laptops made up 15 percent of these incidents. Hacking was the culprit in 24 percent of the cases, including both external and insider threats.
Not surprisingly, colleges and university were the bulk of the problem, with 79 percent of the breach incidents in the education sector. Earlier this week, the University of Florida became the latest victim, revealing that an intruder had broken into its College of Dentistry computers, potentially compromising the personal information of some 330,000 current and former patients.
K-12 schools suffered 15 percent of these breaches, but had the most (30 percent) breaches where the actual number of user profiles exposed was unknown, while colleges and universities had only 6 percent of such instances.
"This is a red flag that [K-12 schools] don't take inventory of the information they do have," Campana says. "That there were so many 'unknowns' surprised me."
Schools must make privacy a priority like they do with cracking down on gang activity, he adds. "If they are dealing with gangs or other discipline problems, it gets propagated through the schools. It's a matter of making privacy a priority."
That means training school risk managers to include privacy in their assessments, he says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
CA To Acquire Authentication Vendor Arcot Systems Inc. 08/30/2010
China, Taiwan Nab 450 Suspects In Biggest Fraud Raid Ever 08/30/2010
DNS DDOS Threats and Corresponding Mitigation Strategies 03/23/2010
Spoofing Server - to - Server Communication: How You Can Prevent It 03/11/2010
DIGITAL ASSETS
Understanding Web Application Security Challenges
08/24/2010
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSObama Cybersecurity Czar Schmidt Steps Down
Threat Intelligence Becoming A Do-It-Yourself Project For Enterprises
What A DDoS Can Cost
MORE KEYHOLE
- Powering your Business with IBM's New 2s General Purpose Servers
- Cloud or Premise Based Contact Center – Which is Right [for YOU]?
- How to Build a Next-Generation Big Data Architecture
- Best Practices for Improving Database Testing: Upgrades, migrations, business growth and more - ensuring you can handle the workload!
- Creating Business Agility with Highly Integrated Core Systems
- ComputerWorld Tech Dossier HP ProLiant Gen8 Servers: Intelligent Mgmt and Greater Efficiency Throughout the LifeCycle
- Business Value of Blade
- Evaluator Group: HP's Converged Storage A Vision for Emerging Customer Requirements
- Cloud, Appliance or Software: How to Decide Which Backup Solution is Best for Your Small or Mid-Size Organization
- Open Source Governance in Highly Regulated Companies
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
