It is not a good time to be a student at Columbia University.  This is a report about the second data breach that they’ve suffered in the last 12 months.  And it is the same type of problem.  All in all, the problem revolves around access to social security numbers.  For some reason, the university doesn’t seem to recognize the importance of keeping this data secure.  Perhaps the school’s administration hasn’t heard of the crime known as identity theft.  Maybe they have and just don’t care.

What has set the students into an uproar was the announcement that 5,000 of their social security numbers have been available on an online database that anyone could access.  Not only was the data on the web, but it was also in a searchable format, which leaves the door open for even more specifically malicious activities.  The topper though, if that is possible, is that the breach has been occurring for the last 16 months.  Over that time period, there is no figure for how many people have accessed the data.  There is also a lack of accountability among the network security administrators of the university.

Students were alerted in an email on Tuesday to bring the matter to their attention.  The university found out about the breach when an alumni contacted the school about the website.  Apparently a student in the housing department posted the material without realizing that it was unsecured.  Upon request, Google took down the website and the university believed that the threat had been contained.  Unfortunately, on Wednesday, students alerted university officials that the data for over 200 students was still available.  A petition has begun circulating around campus to show the discontentment of the student body with what appears to be an inept administration.  This is only emphasized when people think back to a similar problem that developed in April 2007 in the housing department.  Demands listed in the petition involve criminal investigations behind the people responsible for posting the private data online, in addition to a detailed description of how the university plans to increase their electronic security.

While university officials have sworn to not rest until this issue gets resolved and the security features of all Columbia systems updated, no one appears to be holding their breath.  The university has agreed to provide subscriptions to ID theft services for two years.  These companies, such as Lifelock, monitor all three credit bureaus for illicit activity.  For a nominal fee, that the university is picking up in this specific case, customers are alerted whenever a new loan is opened or a credit card application is filed.  These ID theft services are available on a personal basis too and not just for people involved in large sized data breaches.