Officials at the University of Florida just recently announced that an unauthorized intruder gained access to a computer system containing files for over 97,000 people. The files were housing private information (Names & Social Security Numbers) for Faculty, Staff, and Students that had access to the University’s “GROVE” system from 1996 to 2009. The breach was discovered on January 14th during a systems review.

The University states that the “GROVE” system was originally created to provide an online location for faculty to host course materials and class information, and it supported one of the few free email services available to those on campus. Users were required to identify themselves to the database by using their University ID number, which in most cases was the social security number. (Side Note: Most Universities have now gone to great lengths to remove a student’s social security number as the generic identifier for the student. Students are now assigned a system generated ID number that is not related to the social security number.)

The University is now in the process of notifying the 97,000 people impacted by this data breach. They don’t believe that that intruder obtained any of the confidential information but the University urges anyone who believes to have had information housed on this system to take proper precautions.The University has established a toll-free hotline and encourages concerned individuals to drop them a line at (877) 657-9133

Unfortunately, data breaches are not new news for the University of Florida. Back in November of 2008, its College of Dentistry released information stating that the personal information for over 330,000 dental patients were exposed and available to a hacker. Apparently the hacker had gained access to the College’s server and unleashed a program that discretely disseminates information past the University’s firewalls.

University of Florida Facts:

• Florida’s largest University
• 4th largest University in the country
• Enrollment of over 50,000 students
• Ranked 17th in U.S. News and World Report (2007)
• Employs over 35,000 faculty and staff

In 2006, a laptop and external drive was stolen from the home of a Veterans Affairs’ data analyst. This person had taken the computer home without permission. The names, dates of birth, and social security numbers of 26.5 million active duty troops and veterans were housed on the machines.

Fortunately, the FBI later found the equipment, the theives were apprehended, and the VA announced with certainty that the information had not been compromised in anyway. The VA released a statement stating: “We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran.”

As for the settlement… the Department of Veteran Affairs has recently earmarked $20 million dollars to help aide any military personel or veteran that can show that they have been harmed by the data loss. Included in covered costs will be expenses for credit monitoring services (LifeLock & TrustedID) and/or physical manifestations of emotional distress. Estimated individual payments are expected to be about $1500. The agency’s spokesperson, Phil Budhan, states that the funds will come directly from the Treasury and will not deplete any resources used for VA programs.

No formal claim process has been identified by the VA as of the time of this article.  However, if you are a military person or a veteran, it is highly recommended that you contact the Department of Veteran Affairs and see about staking a claim on your fair share of these funds.  If you have recently enlisted the services of a credit monitoring agency or have distress from this data breach, you could qualify.

Since identity theft doesn’t normally occur for years after the data has been breached, at the very least it would probably be wise to sign up for a credit monitoring service and let the Treasury foot the bill for a few years. And of course, you can check out SmartSecurityPeople.com’s top ten ways to keep your identity safe and secure…

Texas A & M Univeristy, Corpus Christi recently revealed that they incurred another data breach.  This is the fourth data breach that they have experienced in the past 2 years. Apparently an admission document was left on an old server and it had 1,440 names of applicants along with their social security numbers. The University states that only 50 of these applicants matriculated into being full fledged students. Does this mean that the other 1,390 people don’t count because they chose to go to school elsewhere? My guess is that they isolated the 50 student records to see what kind of backlash they could be exposed to by violating FERPA (Family Educational Rights and Privacy Act).

Regardless, 4 security breaches in 2 years does show great concern for any current or potential student that may be thinking about attending Texas A&M. The best marketing plan Texas A&M can do now is provide free identity theft protection to all incoming students as an incentive to ensure that they will be safe from future data breaches.

What do you think about an organization that has this many data breaches?  Should someone lose their job for what could have been a simple oversight? Would you be concerned about identity theft if you were a student at this University?