The past year has seen a substantial uptick in the amount of total records breached. In 2012, there was a dramatic increase in the total number of reported records affected (1,977,412), but a relatively low amount of institutions (51) that reported breaches. In fact, the past year has seen the most reported compromised records in the higher education sector since 2006, based on data since tracking began in 2005.
The unwanted distinction of suffering the largest reported data breach in 2012 by a U.S.-based institution of higher learning came from the University of Nebraska, which reported a breach of 654,000 records on May 25, 2012. Rounding out the 2012 Higher Education Data Breach Madness “Final Four” were the University of North Carolina (350,000), Arizona State University (300,000) and Northwest Florida State College (279,000).
The University of Nebraska became the 25th higher education institution since 2005 to report a data breach in excess of 100,000 records. In fact, all four institutions in the 2012 “Final Four” eclipsed 100,000 stolen records, which is a first since 2009.
According to the Ponemon Institute’s most recent "Annual Study: U.S. Cost of a Data Breach" (March 2012), the findings showed that the average cost to organizations per compromised record was $194, though in the education vertical the average cost was far lower at $142 per record. However, based on the lower education average, the University of Nebraska data breach could cost the university over $92 million.
The "winner" of last year’s ‘Madness’ was Virginia Commonwealth University (VCU), which suffered a breach consisting of a reported 176,567 compromised records. In 2011, there was a substantial dip in reported breaches (48) and compromised records (478,490). UCLA still holds the record with 800,000 compromised records, reported in 2006.
“When we look back at the higher education data breaches in 2012, we can see that the hackers are clearly getting smarter at stealing data,” states Alex Rothacker, Director of Security Research, AppSecInc’s TeamSHATTER. “The reported breaches remain on the low side, yet the stolen data is over three times what we saw in 2011.”
Based on publicly reported data breaches compiled by Privacy Rights Clearinghouse, the Data Breach Madness bracket’s reflected outcome is specific to the total number of records breached at each higher education institution. The larger the breach, the further each institution went on in the "tournament", until an eventual "champion" was crowned.