By TOM ZELLER Jr.
If the computer age is continually testing how well institutions protect personal information, the nation's colleges and universities may be earning a failing grade.
Last Monday, administrators at the University of California, Berkeley, acknowledged that a computer laptop containing the names and Social Security numbers of nearly 100,000 people - mostly graduate school applicants - had been stolen. Just three days earlier, Northwestern University reported that hackers who broke into computers at the Kellogg School of Management there may have had access to information on more than 21,000 students, faculty and alumni. And one week before that, officials at California State University, Chico, announced a breach that may have exposed personal information on 59,000 current, former and prospective students.
There is no evidence that any of the compromised information has been used to commit fraud. But at a time of rising concerns over breaches at commercial data warehouses like ChoicePoint and LexisNexis, these incidents seem to highlight the particular vulnerabilities of modern universities, which are heavily networked, widely accessible and brimming with sensitive data on millions of people.
Data collected by the Office of Privacy Protection in California, for example, showed that universities and colleges accounted for about 28 percent of all security breaches in that state since 2003 - more than any other group, including financial institutions.