NYU not alone in its SSN woes
By Ashley Terletzky
Date: February 04, 2004
Source: Washington Square.News
Yet NYU is by no means unique in its troubles. Technological snafus and security breaches are quickly becoming a growing problem among the nation's collegiate computer systems, leaving in its wake a slew of identity theft horror stories.
The most egregious leak of private information took place in late January, when University of Georgia officials found that hackers had penetrated the school's Web site, gathering the personal information - including Social Security and credit card numbers - of 31,000 students and applicants.
"Hackers illegally entered servers that happened to contain admissions files from August 2002 through January 2004," university spokesperson Tom Jackson said.
Though the university maintains that its site was properly secured before the hack, administrators took it offline immediately. "Criminals break into houses with alarms, too," Jackson said, adding that there is no evidence that any data was used or manipulated.
This security breach occurred despite the university's recent move away from using Social Security numbers as student ID numbers. The university issued a set of randomly generated numbers that became fully effective Jan. 1, after a semester of transition.
"We have been talking about it for years," Jackson said. "At some point, you just have to do it."
Texas A&M University, located in College Station, also recently released students' personal information - in this case, due to human error.
"We had a couple incidents over the past year in which faculty released grades and course information by student Social Security numbers," registrar Donald Carter said.
In response to these leaks, Texas A&M has also stopped using Social Security numbers as IDs. The university is currently converting all the programs that formerly used Social Security numbers to a new system that, like Georgia's, uses randomly selected nine-digit numbers.
"We have been investigating changing for years," Carter said, adding that after the flap, it was time to execute the plans.
The recent moves by the University of Georgia and Texas A&M are part of a trend among U.S. schools to abandon Social Security number-based ID systems after potential identity thefts.
The University of Texas at Austin, for instance, also recently ditched Social Security numbers after a student hacked into the university system and accessed over 55,000 names and Social Security numbers. Now, according to administrative assistant Colleen Danaher, the school identifies students by their initials and a string of two or three digits, a system similar to NYU's NetIDs. These are the numbers that appear on professors' rosters.
However, schools that do not use Social Security numbers as IDs have not been immune to identity fraud, although the results have been less severe.
While Boston College has been using randomly generated "eagle numbers" as IDs for more than five years, a student hacker allegedly managed last fall to encode his ID card with other people's eagle numbers, which he evidently obtained by tracking students' keystrokes on public computers.
The hacker, who had compiled data of more than 4,000 students, then used his victims' meal plans and campus money days at a time before assuming a new identity.
The student, Douglas Boudreau, 21, is now in jail. The school has instituted an alpha-numeric password system and issued new, more secure IDs to every student and faculty member, according to Louise Lonabocker, Boston College's director of student services.
Vanderbilt University, located in Nashville, Tenn., continues to use Social Security numbers for identification, but has recently taken some extra precautions. "With all the publicity about stolen identities, we've taken [Social Security numbers] off class rolls," assistant registrar Gail Lance said, adding that the students don't need to use Social Security numbers to access e-mail or register for classes.
Rutgers University allows students to choose whether to be identified by their Social Security numbers or by a random nine-digit number, though registrar Ken Iuso admits that the university has considered abolishing the use of Social Security numbers altogether.
According to Iuso, the conversion necessary to allow the students to use alternative numbers was "not a big deal," since they were using the same number of digits.
NYU students currently have the option to create random nine-digit ID numbers to use in lieu of their Social Security numbers, but according to university spokesman John Beckman, NYU's computer system cannot translate these numbers into Social Security numbers when needed for certain functions, like for federal financial aid or payroll purposes. The university's system is currently being retrofitted to accommodate other ID numbers, he said.
Although students at many universities may opt to use non-Social Security numbers as IDs, Iuso stressed that colleges are required by the federal government to keep Social Security numbers on record, even if they are not used to identify students.
^macro[showdigestcomments;^uri;Beware of Get Rich Quick Schemes]