The Washington Examiner reports that, “Security controls were so lacking at University of Maryland, University College that thousands of students’ academic records were vulnerable to prying eyes.” The report (pdf) from the Maryland Office of Legislative Audits found:

Our audit disclosed information system security and control deficiencies in UMUC’s network that includes the student administration, human resources, and financial information systems, as well as its online education application. [...]

For example, our audit disclosed that UMUC did not perform required periodic reviews of the appropriateness of user access capabilities for its accounting, personnel, and student records systems and that certain account and password controls were inadequate, including for the online education application. In addition, security reports were not generated for certain critical applications, proper controls were not established over computer program changes, and the internal computer network was not sufficiently secured from both internal and external sources.

The security problems lead to privacy risks, such as the fact that “student assignment folders and faculty grade books were at risk of disclosure and compromise from the general public.”

This entry was posted on Thursday, June 25th, 2009 and is filed under Identification, Security, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Possibly related posts:

• Irish Times: Tight controls urged in use of personal data
• Washington Post: States mismanage student information, study concludes
• Audit: Bureau of Alcohol, Tobacco, Firearms and Explosives Lost Guns and Computers