
Audit finds students' information stored without encryption

Feb 02, 2012 Karen Umpierre

The recent completion of a three-year audit of the University of Maryland's system servers uncovered multiple violations that could put student privacy at risk, the Washington Examiner reports. According to the state Office of Legislative Audits' investigation, the school stored sensitive personal and financial information of prospective undergraduates on publicly accessible, unencrypted servers. The Gazette estimates more than 8,000 records existed on the server, and that this lack of security could result in information being stolen and used with fraudulent identity verification.

The audit was conducted between February 2008 and March 2011. Auditors found student names, Social Security numbers and credit card numbers stored without encryption on the university web server, and noted that such data "is commonly sought for use in identity theft," the news source reports.

"The IT department would have known if any information was breached or compromised," university spokesman Mike Lurie told the Examiner. He added that update controls were put in place in December 2010, prior to the audit's completion, that move prospective student data off the university server after three months.