Video by Katelin Wangberg/CNS-TV
The University System of Maryland stored sensitive personal and financial information about thousands of prospective students on publicly accessible Web servers, exposing them to possible identity theft, according to a recent state audit.
The state Office of Legislative Audits estimated the information included more than 8,000 records of student names, Social Security numbers and in some cases, credit card numbers, over the duration of the audit from February 2008 to March 2011. This private information “is commonly sought for use in identify theft,” according to the audit.
Though there was no evidence the information was stolen, some students said they were still alarmed.
“It’s really dangerous, because those are your really private numbers,” University of Maryland freshman Jasmine Green said.
“To be honest it’s kinda scary,” College Park freshman Tyler Williams said.
The University System of Maryland responded to the audit saying they had removed historic sensitive personal and financial data on the public servers.
USM spokesman Mike Lurie said in an email that, “The work that remains to be done is separation of the Web-accessible component from the data storage component. However, there is no truth to any assertion that the data is stored in a non-encrypted fashion.”
However according to the audit, the information was “stored in plain text on the Web server.”
“It said it was in plain text, which means it was not in cipher text, i.e. it was not encrypted,” University of Maryland Director of Computer Science Michael Hicks said.
The fact that there is no evidence that the information was misused has reassured other students.
”I understand why some people were concerned… but nothing happened to me,” said senior Jack Slattery.
Now the information stored on the servers is kept until the prospective student’s application is completed, or after three months, whichever is sooner.