Criminal hackers have found Universities to be a prime target in their efforts to amass confidential details that can be employed in identity theft rackets.
According to a report by security researchers at AppSec, 2.3 million records have been illegally accessed at 158 institutions of higher education in the United Sates since 2008.
AppSec's vice-president of product management Josh Shaul says, "When an attacker gets access to university databases, it's like hitting the jackpot."
University databases contain a wide variety of personally identifiable information (PII), from social security numbers and financial information to health records. Higher education institutions also have great deal of account turnover, unlike corporations.
"A university or college could be housing potentially billions of PII," Shaul stated.
The FCC indicates that identity theft has become the number one consumer complaint, with over one million new victims yearly.
Universities and colleges tend to be under extreme financial pressures, and data loss prevention efforts can be an expensive proposition. Many instituions do not aggressively mitigate risks until after a significant data loss event has occured, and hackers have take note of the low hanging fruit.
"One of the first and easiest steps is to ensure that the database systems have complex passwords in place and that default account logins and blank passwords have been replaced," Shaul says.