Amid tuition, classes and midterms, concerns about social security and identity theft just might be the last thoughts on a college student’s mind, but the blank credit records of many students make them some of the biggest targets for fraud.
Identity theft can hurt students and alumni in numerous ways. Accounts can be opened in a person’s name without them knowing or money can be stolen. Recovering an identity can be a lengthy process and result in a student not receiving financial aid in time for class enrollment.
Identity theft hit a record high in 2016, with 15.4 million incidents across the U.S., according to a Javelin Strategy & Research study released in February. California ranked fourth overall in most identity theft complaint rates and 10th in fraud complaints, according to the Federal Trade Commission’s 2016 Consumer Sentinel Network Data Book.
A victim of social security fraud himself, CSUF communications professor and former senior editor for the New York Times Walt Baranger said that recovering from a stolen security number is nearly impossible.
Baranger said the number can be sold and resold over and over again, and he expressed concern about the housing of social security numbers by the Cal State system.
“If your social security number is released, for the rest of your life that number is out there with your identifying information,” Baranger said.
The campuswide data infrastructure that retains university records holds sensitive, personal information that identity thieves often chase, including social security numbers, dates of birth and addresses.
The Division of Information Technology also maintains an alumni database and works with the Division of University Advancement on fundraising for the university. Baranger said that alumni databases contain background and personally identifying information, such as addresses and phone numbers, which could easily catch the attention of hackers.
“All of these things, you have to look at their systems and say ‘Is this secure?’” Baranger said.
Mikhail Gofman, associate professor of computer science and director of the Center for Cybersecurity at CSUF, said the decentralized system used by the CSU is a more secure method of storing information because of the larger number of access points for a hacker to break through. This method results in fewer victims if the system is successfully breached.
“There is also a mechanism for handling incident response. If we get hacked and student data gets leaked, there is a very worked out procedure for handling that, to evaluate what was compromised and what the threats are for notifying the liable parties and deciding the course of action,” Gofman said.
The university also practices proactive security by having Information Technology professionals attempt to break into the university’s systems using the same tools and techniques as hackers to test for weaknesses in the databases, Gofman said.
“It’s a very secure database. It’s password protected. Not everybody can get into it and it meets all the IT requirements as well as the data security for IT too,” said Katie McGill, director of development for the College of Communications at CSUF, who oversees alumni fundraising for the university.
McGill also said that keeping sensitive information in separate databases means that access to student information is limited to specific personnel, with a unique coding system that has no correlation with student social security numbers.
Still, Gofman said that no matter what the colleges do, no system is impenetrable.
“Nowadays, when it comes to being compromised, it’s not really a question of ‘If.’ It’s more of a question of ‘When,’” Gofman said.