Being conscious about your data: How students can be put at risk for a breach

  • 0
  • 2 min to read
191203_NP_StudentDataPrivacy_3

Many UW students are unaware of the how their personal data is protected by the school. The Office of UW Data Privacy and Office of CISO is working to include “privacy by design,” to protect student’s data from phishing scams and identity theft.

Creating a unique password for every account should be a no-brainer when it comes to online security. Despite the requirement to add symbols, numbers, and uppercase letters to make accounts safer, hackers can still invade users’ online identities if the same password is used across different platforms.

Rebekah Skiver Thompson, director of cyber intelligence at the UW’s Office of the Chief Information Security Officer (CISO), said that 60% of the email accounts that the UW disabled this year were due to the re-use of passwords across multiple accounts.

“Once that third party was breached, the people who stole that information know to try that username and password in other locations,” Thompson said. 

Erik Hofer, associate vice president for Academic Services and deputy chief information officer at the UW, said that emails compromised by third parties can open doors to identity theft, scamming, or phishing.

“Think twice before signing up for websites that you just want to take a silly quiz,” Anna Lauren Hoffmann, iSchool assistant professor recommended. “It seems like fun, but you give over some data and you forget about it.”

On a larger scale, Pearson, a world-class education company that appears in many of U.S. students’ textbooks, exposed information of students from approximately 13,000 schools, as a result of a cyberattack. The company said in a statement that the exposed data included first name, last name, date of birth, and email address.

The UWPD is also aware of the rise of fraudulent activities, especially directed at international students, according to the Foundation for International Understanding Through Students newsletter. Scammers disguised themselves as either a financial institution, the U.S. government, or the police, to obtain sensitive information about immigration status or social security.

“Education and outreach are the key components that we do here at the office of the CISO,” Thompson said. “We integrate [education and outreach] within all of our groups and efforts that we are doing.”

Though students were asked about how the university protects students’ data privacy, and how they can protect themselves, many had gaps in their knowledge about institutional data security practices.

“I'm honestly really unaware of how my information is used, which is kind of concerning as an info major who's supposed to think about these things more than the average student,” Yu-Won Youn, informatics and Asian studies senior, said. “If I don't think about it, who does?”

While students from science majors are informed about information security in their education, those who are not from these majors can lack education about the topic and be a greater risk. 

“I don’t think I was ever informed about protecting student data at all during my time at the university,” junior Rosalynda Romo said. “If we were informed about it, I don’t remember. I didn’t think this was something that had ever crossed my mind.”

With the rise of scamming intelligence, both offices are working on integrating “privacy by design” throughout all IT systems to maximize online safety for all students, faculty, and staff at the UW.

According to Ann Cavoukian, Ph.D., who developed privacy by design, this approach embeds user privacy in all software architecture and is an important component of the system being delivered.

“It’s essential that we continually evolve to keep pace with what’s happening in the industry and to make sure we are fulfilling our mission and objectives for the university, and protecting the information that we hold,” Ann Nagel, associate vice provost and institutional privacy official, said. 

Jan. 28 2020, the UW Privacy Office will be hosting the 2020 Data Privacy Day at 10 a.m. in Odegaard Library, Room 220. 

Students can learn about scams and prevention methods at the Office of the CISO, UW Privacy Office, and the Washington State Office of the Attorney General, where UW and other state agencies are required to submit information about data breaches. 

If students encounter a privacy-related concern, they can report to uwprivacy@uw.edu

Reach contributing writer Anh Nguyen at science@dailyuw.com. Twitter: @thedailyanh

Like what you’re reading? Support high-quality student journalism by donating here.

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.