California Colleges Take on Hacking, Identity Theft

Los Angeles area university officials said Tuesday they are taking a number of steps to boost protection of sensitive information following a number of cases of computer hacking and identity theft.

California State University, Northridge, will hire a new information security officer by January and recently purchased anti-virus software for all students, faculty and staff, said Spero Bowman, CSUN chief information officer.

"It's a constant review of our system, and trying to find out where the new vulnerabilities are," said Steven Fitzgerald, CSUN chief technology officer. "We have a balancing act, between making things tight and still usable."

Fitzgerald said CSUN, which has about 8,000 university computers and 33,000 students, has never had a major security breach. But university officials are on alert following a September incident at the University of California at Berkeley, when a hacker accessed the names and Social Security numbers of about 1.4 million Californians stored on a researcher's computer.

Last week, San Francisco-based Wells Fargo & Co. said its security systems had been breached in October and personal information on thousands of borrowers was stolen.

Like banks, college campuses collect all kinds of personal data from students: Social Security numbers, credit card numbers, grades, and even campus activities.

"We have lots of information about who a student is and what they do on campus, and we need to be protective and make sure it's not given out to just anyone," Fitzgerald said.

Lynn Winter Gross, director of communications for the nine-college Los Angeles Community College District, said the LACCD had not experienced any serious hacking incidents but was constantly reviewing its security systems.

At the University of California, Los Angeles, two laptop computers were stolen from a UCLA bloodmobile, one last year and another this summer. The laptops contained password-protected data on more than 200,000 blood donors, including names, birth dates, blood types and Social Security numbers.

UCLA notified all the donors of the thefts, following a new state law that requires agencies to notify people if their personal information has been stolen.

Both CSUN and UCLA have already stopped using students' Social Security numbers as identifying numbers.

UCLA officials are now taking a hard look at where sensitive data is kept, said Kent Wada, director for Information Technology policy for UCLA, which has about 35,000 campus computers on the 38,500-student campus.

"We all use laptops because they're so convenient, so light and portable, but those characteristics make these things really easy to lose or to be stolen," Wada said. "Where we don't need to have this data stored, we shouldn't."

Educating students, faculty and staff about the dangers of downloading a virus from the Internet is another important component. Some viruses can install a "back door" in an infected computer that will allow hackers access to the system.