The UT Dallas breach is not the first breach of data the University of Texas System has seen even this year. In October, the UT System appointed a chief information security officer to build and oversee a system-wide plan to protect UT's information after some recent exposures. What I find so frustrating is that unlike businesses whose public opinion rating can result in the loss of millions of dollars in profit, Universities seem to depend on the fact that the ID's being stolen are merely students who lack the maturity, financing and time to actually force these institutions of learning to act with even the slightest sense of liability. The University of Texas treats ID theft like a common burglary, where the store owner is the victim and everyone should be saddened that the University has been a target of hacking. As an Alumni, I feel for the students of a school that has repeatedly put our information at risk.

You do not have to be a 'rocket scientist' to know that using a person's social security number as a student ID is just plain dumb and illegal (SS# are only to be used for TAX purposes). Yet it appears that every school insists on using this most valuable number for their own internal tracking purposes. I have seen my student ID left lying around on carbon-copy paper, in teacher's role sheets and of course on just about every test you take. And for what? Sure it makes the news when 6,000 ID's are theft exposed to the world, but what about the constant disregard for personal information security? How many ID's have been compromised from the school's use of social security numbers as student IDs?

Dr. Daniel, UTD President, said the university believes the hacker attack came from the outside using the Internet as if this is supposed to make me feel better. It feels that the school is trying to play on the ignorance of society on the subject of ID theft. People commonly view ID theft as a burglary. The store own is victimized because the criminal break through a glass window and stole a few hundred dollars. Sure I feel sorry for the store owner, but institutions that hold data worth millions and millions of dollars should be treated differently. The average public often fails to see what is going on in the background and thinks of computer systems as safes in a bank - isolated from the outside world. However a look at recent headlines tells a different story when IDs are frequently lost on company laptops and common hard drives.

When I was a student at UTD, I had no say when it came to my private information. I was at the mercy of the school... If you want to attend and receive student loans they had to use your social security number. To illustrate this point - the first year or two at UTD I requested a random student ID. When you go to the Library, Union, Advising, Counseling, Student Services or any where else, they always said 'what's your Social Security #' and when I would say, 'you mean my student ID?' they would have this most confusing expression compounded by the fact my former student ID was this randomized number. In a day and age when people shred their mail and ink out the credit card number on purchase receipts, I find the University of Texas at Dallas stubborn disregard for personal information contemptible.

Major Security/Hacking Events of the UT System:

1. December 14, 2006 - UT Dallas attacked again with 6,000 users affected.
   
2. September 2006 - 2,500 student records for University of Texas at Arlington students were stolen at the end of September.
3. April 2006 - The UT System's flagship school in Austin's McCombs School of Business breach exposed the records, including Social Security numbers and other sensitive information, of 197,000 people.
4. 2003 - UT Austin has suffered a major IT security breach

According to Id Theft Center, at least 192 incidents have been disclosed in 2006 alone, potentially affecting more than 12,004,393 million individuals. Many of these attacks were directed at Universities and centers of learning. Here is a list of the Universities attacked in 2006.

 

As an alumni, the UT Dallas Response was sent to me by email.

Dear UT Dallas Alumni,

I regret to inform you that approximately 6,000 students, faculty, staff, and alumni at the University of Texas at Dallas as well as other individuals potentially have had sensitive information exposed by a computer network intrusion.

The personally identifiable information that may have been exposed includes names, addresses, Social Security numbers, email addresses and telephone numbers.

There is no indication that the information has been disclosed, disseminated or used to anyone's detriment at this time. However, the University does not seek to minimize concerns raised by this intrusion, and in the best interests of those potentially affected seeks to notify anyone whose information may have been disclosed.

The individuals whose information is known to be involved at this time include:

* In the Erik Jonsson School of Engineering and Computer Science, students, faculty, and alumni as well as applicants for admission dating back as far back as 1993.

* All staff and faculty of the University who were employed from January 1999 through August 2005.

The potential disclosure of data was discovered Sunday, December 10, by The University of Texas at Dallas information resources staff. The University of Texas at Dallas is responding aggressively to defend the integrity of the system and to assess the level of the threat to information contained on the system. Most but not all of the networked computing resources on campus have been assessed. Investigation is ongoing and updated information will be issued via email and the University homepage.

Every effort will be made to contact those individuals whose information could have been exposed. If you are concerned that you might be affected by this intrusion, you are encouraged to go to https://www.utdallas.edu/datacompromise/form.html to submit contact information so that the University can respond, or call 972-883-4325 to leave contact information.

Further information about protecting yourself (whether your information has been disclosed or not) is available at http://www.utdallas.edu/datacompromise/. UTD Staff will continue to assess and respond to the situation.

A press release on this incident has been issued in an effort to contact as many affected individuals as possible. The press release is available at http://www.utdallas.edu/news/archive/2006/network-intrusion.html.

If you have additional questions or concerns, please feel free to contact Erin Dougherty in Alumni Relations at (972) 883-2328 or erin.dougherty@utdallas.edu. We care very much about protecting the privacy and confidentiality of our alumni records.

Again, the University is actively working to notify individuals who may have been affected, and we deeply regret that the data in our network were potentially exposed by a deliberate attack through the Internet.

Thank you.

David E. Daniel
President
The University of Texas at Dallas