Check out the excellent chronology of data breaches kept by the Privacy Rights Clearinghouse and you’ll notice that a massive chunk of those affected reside in academia. At a gathering of IT security and privacy professionals at the Harvard Club in Boston put on by Text 100 this morning, I heard some interesting examples of why the bad guys love the colleges and universities so much.
Catherine Allen, chairman and CEO of The Santa Fe Group, mentioned that the person responsible for a breach at the University of Missouri earlier this year had been caught, and that authorities learned that the culprit had some long-term plans for the 22,396 record compromised.
Allen explained that the thief was apparently planning to hang on to the data and wait for about a decade before using the stolen identities — when today’s students are more likely to be duly employed and earning steady income.
The lesson — Don’t be lulled into a false sense of security if your information was compromised a year ago and you haven’t become a victim of identity theft yet. Chances are the bad guys are just waiting a few years for you to start making some real money worth stealing.