University of Washington

Office of the CISO 2013 Annual Report

Issue link: http://uwashington.uberflip.com/i/285144

Data Breaches in Higher Education

In July 2013, the New York Times reported that research universities in the United States are increasingly subject to cyber attacks, with millions of hacking attempts occurring weekly. In addition to data loss as a result of cyber crime, each year there are scores of reported incidents of accidental loss or disclosure of information in the form of customer, student, employee, patient, or research data.

As a part of its mission "to educate and empower individuals to protect their privacy," Privacy Rights Clearinghouse (privacyrights.org) has been tracking data breaches of every kind since 2005. A search using its online data breach chronology tool reveals that there were approximately 32 data breaches at higher education institutions in the United States in 2013, involving millions of records.

It is important to note that these numbers only include breaches that have been discovered and publicly acknowledged. The actual number of higher education data breaches may be much higher, either because investigative processes to discover the nature of any given breach may take time, or because it sometimes takes months or years for breaches to be discovered and reported.

A review of reported incidents reveals that higher education data breach stories in 2013 seemed to follow similar trends from prior years. Those trends include:

• Social Security Numbers (SSNs) that were stolen or accidentally disclosed;
• Personally Identifiable Information (including SSNs) accidentally posted online where it could be publicly accessed;
• Student, patient, employee, or research data that were on lost or stolen laptops; and,
• Data, login, or other access credentials that were exposed to unauthorized individuals via phishing attacks.
The Office of the CISO has developed a set of resources and online training modules to educate users about the most common types of data loss and to create awareness about how to safeguard the University's institutional information. Some of the resources targeted toward the trends listed above include:

• Computer Whole Disk Encryption Guideline
• Introduction to Encryption Privacy Brief
• SSN Use at UW online training module
• Phishing at the UW online training module
• Security and Privacy 101 online training module

For these and other resources, visit ciso.uw.edu.
