It’s Back: March Madness Meets Higher Education Data Breach “Brackets”

Team Shatter Exclusive

It’s that time of year again – March Madness. Yesterday, the NCAA Selection Committee chose the 68 teams (still not a fan of the increase from 64) to participate in this year’s NCAA Division I Men’s Basketball Championship. Most recognize this simply as the “brackets”.

In the spirit of what is being called “National Bracket Day”, we decided to join in the fun and issue our Second Annual Higher Education Data Breach Madness Brackets.

The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets (see image below). For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on the number of records affected. From there, it was straightforward – the larger the breach, the further they went in the “tournament”, until an eventual champion was crowned.

It is no secret that U.S.-based institutions of higher learning have suffered their fair share of data breach ‘madness’. So, last year we started an annual tradition of taking a fun look at which higher education institutions would make the “Data Breach Final Four”. If you didn’t catch last year’s blog post and corresponding brackets, you can check it out here.

While 2011 witnessed a dramatic decrease in the number of reported records affected (478,490), 48 institutions still suffered breaches. Both figures are all-time lows since data breach recording began in 2005.

So, without further ado, your 2011 Higher Education Data Breach Madness “champion” is…Virginia Commonwealth University (VCU), which reported a breach of 176,567 records on November 11, 2011.

2011 Higher Education Data Breach Madness Brackets

During last year’s NCAA tournament, VCU captured the nation’s attention with its Cinderella-like actual Final Four appearance before ultimately seeing their journey end in a 70-62 defeat at the hands of the Butler Bulldogs.

Unfortunately for VCU, their “Data Breach Madness Final Four” journey did not fall short and they earned the distinction of reporting the largest data breach of 2011 by a U.S.-based institution of higher learning.

Rounding out the 2011 “Final Four” are the University of Wisconsin Milwaukee (79,000), Yale University (43,000) and the University of South Carolina (31,000). 

Year-By-Year All-Time Data Breach Madness “Final Four”

VCU became the 21st higher education institution since 2005 to report a data breach in excess of 100,000 records and was the only one to eclipse that number in 2011. Three institutions exceeded the 100,000 mark in 2010. 2005 saw the most schools go over the 100,000 figure, with six, whereas 2006 and 2009 had four apiece. 2007 and 2008 had just one each.

Year-By-Year U.S. Higher Education Data Breach Totals

The “winner” of last year’s ‘Madness’ was Ohio State University, which got hit for a breach consisting of a reported 750,000 records – good for #2 all-time (see Top 10 image below). And 2012 is already off to a big start, as Arizona State University (ASU) reported a breach of 300,000 records in January, which would put them in a tie for the fourth-highest U.S. higher education breach of all time.

Top 10 U.S. Higher Education Data Breaches Of All-Time

While it is very encouraging to see the record-lows in 2011, those of us here at Application Security, Inc. advise higher education institutions to proceed with very cautious optimism. Will ASU make it to the “Final Four” and take home the unwanted distinction? Was 2011 an anomaly, rather than a trend moving in the right direction for the education vertical? Only time will tell.

Best of luck to all of you whose alma maters will be vying for the national championship and fingers crossed that none of yours made our Data Breach Madness Final Four!

(All statistics included in the Higher Education Data Breach Madness brackets and lists were sourced from Privacy Rights Clearinghouse)
