Iowa State is cyber secure
February 21, 2018
Iowa State University of Science and Technology — technology is in the name. With one of the top computer science programs in the country, Iowa State should have an unbreakable infrastructure.
In 2013, Iowa State was the victim of a data breach that compromised the social security numbers of nearly 30,000 students enrolled from 1995 to 2013, as well as the university IDs of over 19,000 more students.
Doug Jacobson, Director of the Iowa State Information Assurance Center talked about how this happened on a system level.
“The department was using what they call network file servers. These are boxes with hard drives in them on the network so you can share data,” Jacobson said. “There was a vulnerability in the software that attackers exploited and gave them access to the box. That network storage file box contained class lists.”
Jacobson said that prior to Iowa State University’s implementation of nine-digit identification number system for student IDs, the university printed student’s social security numbers on their cards. Professors used to post grades on their doors in alphabetical order, except they printed their social security numbers instead of their names.
“When I was here as a student, my student ID card has my social security number printed on it, and when I became a faculty member — same thing, my faculty ID had my social security number printed on it,” Jacobson said.
This information was kept in the network and never deleted because back then social security numbers were useless, so when the system was compromised, these social security numbers were made available.
Jacobson then went on to talk about how the situation was handled as far as protecting Iowa State from this problem in the future.
“Policy changes came into play, and then there are technologies out there that will look through data storage and they’re called PII. Personally Identifiable Information,” Jacobson said. “Social Security numbers medical records, those sorts of things are protected. There are rules about what data can be released, so the university went through a phase of analyzing the file storage, looking for PII and notifying the owners.”
The university offered AllClear ID — an identity theft protection program — 12 month memberships for free to everyone who was affected by the breach.
Since then, policies have been made to ensure that things like this do not happen in the future. Eric Rozier, assistant professor in computer science at Iowa State says that Iowa State has a very competent IT team and that the Information Assurance Center is one of the best.
“I’m pretty confident in the state of Iowa State’s Cybersecurity,” Rozier said. “The Information Assurance Center is among the best [IT teams] in the nation.”
If students wish to protect themselves, Iowa State offers supported malware protection and antivirus programs to students and information can be found here. If students encounter any technology issues, the IT Solutions center can be reached at 515-294-4000, or students can stop by their location in Parks Library.