The University of South Carolina had suffered six data breaches since 2007 and was in the process of putting more significant protections into place when it was hit with another such incident earlier this year.
In late April, a laptop that may have contained the names and Social Security numbers for some 6,300 students who took physics courses at the school between 2010 and this year was stolen from a locked room, potentially exposing a massive amount of people, according to a report from the Greenville News. The school only recently revealed that this incident took place, because it was trying to get in touch with all suspected victims of the incident.
However, with this being the seventh breach the school has suffered in as many years (exposing more than 87,000 records in the process), it acknowledges the massive problem is has with security in general, and chalks it up to having as many as 80,000 devices connected to its various computer systems across eight campuses at any given time, the report said. It is now putting into place more comprehensive controls to help protect all sensitive data, but plans were not set to be completed until closer to the end of next year.
“No one is immune to attack and with that, we have to be aware and realistic that the odds are against us,” said Marcos Vieyra, the University of South Carolina’s chief information security officer. “There are a lot of attackers. We have to be perfect every day, and all they have to do is find one hole, one vulnerability, and they’re in.”
One of the major problems the school may have is that it only recently began identifying students in its system with ID codes that did not match their Social Security numbers, the report said. This year, all incoming freshmen will receive different IDs, but it’s possible that some may still turn their Social Security numbers over to professors in some instances.
This is only the latest data breach incident to hit the Palmetto State. Just last year, South Carolina’s tax department also suffered a massive data breach that exposed the personal and financial information for millions of people and thousands of businesses, which led to considerable reforms for how some state agencies dealt with sensitive information.