After an external audit investigating the university's security posture resulted in a highly critical report, Ohio University's president says he is, "angry and embarrassed by the computer security system lapses that were undetected" before his time as leader of the school. The quote was published as a news item on the university's website. The university is investigating five incidents that have resulted in data theft since March 2005. In total, about 367,000 personal records containing Social Security Numbers and other private data were exposed. The university had been carrying an annual surplus of $1.4M in its IT department, which could have been used for security spending but wasn't deemed necessary.
The announcement by school officials highlights the significant damage to a large organization's image and reputation that is possible when IT security is not taken seriously enough.
Posted by: Kelly Martin