
New	Articles	Television	Resume	Bio	Contact
Students are choice prey for identity thieves The New York Times News Service (March 1, 2004) Raleigh News and Observer (March 15, 2004) Sheila Gordon was 19 when her identity was stolen. For years afterward, she was denied student loans and federal grants but was never told the reason. Gordon didn't learn what happened until five years later when an investigation revealed that someone had used her name in applying for 32 credit cards, generating more than $150,000 in debt. What's more, since her clone was also working under her name and declaring income to the government, the real Shelia Gordon couldn't qualify for student loans. Gordon and nearly 27 million Americans have been victims of identity theft in the past five years, with complaints doubling each year, according to a September 2003 report from the Federal Trade Commission. There were nearly 10 million cases of ID theft reported last year alone. While thieves routinely harvest personal information by conducting telephone scams, stealing mail or by rooting through garbage bags, colleges and universities that use Social Security numbers to identify students are becoming an increasingly vulnerable target. A year ago the vulnerability of students was highlighted when a student at the University of Texas at Austin hacked into the school's computer network and downloaded the names and Social Security numbers of more than 55,000 students, faculty and alumni. To protect against ID theft, the university was in the process of converting all student identity numbers before the hacker attack, a process that is taking years and costing millions of dollars. Texas ranks second in the nation in reported identity thefts, according to the FTC. The same study shows that the number of victims reporting identity theft rose 44 percent in Texas last year compared with 33 percent nationwide. "Changing a system like this is a hugely complicated problem," said Dan Updegrove, vice president for information technology at the University of Texas at Austin. "Colleges are required by law to collect Social Security numbers for anyone they pay and for federal financial forms; so it seemed perfect to use them as student ID numbers." Universities are at risk because of the expansive and interconnected nature of computer networks, often with varying levels of security, that store student information. In addition, students make appealing targets because they generally have clean credit records and are not accustomed to regularly checking their credit reports. "The problem is that the crime can go unnoticed for so long," said Gordon, who is now the director of victim services at the Identity Theft Resource Center in San Diego. "People at that age are just not thinking about things like their credit history. They don't understand how they work, which makes them more vulnerable." Those who suspect that they may be the victims of identity theft should contact the three main credit reporting agencies that track consumer credit histories, file a police report and clear their records with individual credit card companies, a process that took Gordon eight years. The FTC estimates that Americans spent 300 million hours resolving ID theft cases last year. Once an identity thief has a Social Security number, they can also get the name and birth date of the potential victim through a variety of legal online sources. With this information, thieves can apply for credit cards. The UT-Austin case prompted the Texas Legislature to pass a law prohibiting schools from using Social Security numbers as student IDs. Six other states have passed similar laws. Part of the problem is the ubiquitous use of the unique number. "Now the problem that many universities face is how to minimize the exposure of the numbers," said Updegrove, who has managed computer systems at Yale and the University of Pennsylvania. Chris Hoofnagle, deputy counsel at the Washington-based Electronic Privacy Information Center, said the key to curtailing identity theft was to put the "Social Security genie" back in the bottle. "We need to get the SSN out of circulation," he recently told a congressional hearing. He said colleges and universities should assign randomized identification numbers that would keep the Social Security number out of widespread circulation. Despite warnings from the Social Security Administration that the number should not be used for other purposes, a 2002 study by the American Association of Collegiate Registrars and Admissions Officers found that 50 percent of the nation's universities use the government ID number to identify their students. Some colleges cite the cost of changing their identity system as prohibitive, but even for those that do change to other numbers, security is not guaranteed. Earlier this month, American University in Washington learned that loopholes in its Web site allowed anyone online to access student's Social Security numbers, dates of birth, tax filings and other personal information. The university's student newspaper reported that the information had been available to the public for more than a year. An ongoing investigation has not shown whether anyone had accessed the data, said Todd Sedmak, director of media relations for American. American changed student identity numbers from their Social Security numbers years ago for security reasons, he said. The University of Georgia last year required each of its 38,000 students to pay a $3 fee to change their student ID numbers to a randomly generated set of digits. However, the student's Social Security numbers were still used on aid forms and other state and federal documents that required them. Last month, hackers broke into the university's computer network and gained access to 45,000 student and applicant files containing credit card and Social Security numbers and birth dates dating back to 2002, said Tom Jackson, a spokesman for school. American University, University of Georgia and University of Texas at Austin each contacted students and faculty whose private information was exposed on their systems, though there is no federal law requiring institutions to notify someone if their information has been stolen. "We did everything we were supposed to do to give the students the best protection," Jackson said. "We changed the student ID numbers and had good security on our computers, but we were robbed anyway." ####
New	Articles	Television	Resume	Bio	Contact

New

Articles

Television

Resume

Bio

Contact

Students are choice prey for identity thieves

The New York Times News Service (March 1, 2004)

Raleigh News and Observer (March 15, 2004)

Sheila Gordon was 19 when her identity was stolen.

For years afterward, she was denied student loans and federal grants but was never told the reason. Gordon didn't learn what happened until five years later when an investigation revealed that someone had used her name in applying for 32 credit cards, generating more than $150,000 in debt.

What's more, since her clone was also working under her name and declaring income to the government, the real Shelia Gordon couldn't qualify for student loans.

Gordon and nearly 27 million Americans have been victims of identity theft in the past five years, with complaints doubling each year, according to a September 2003 report from the Federal Trade Commission. There were nearly 10 million cases of ID theft reported last year alone.

While thieves routinely harvest personal information by conducting telephone scams, stealing mail or by rooting through garbage bags, colleges and universities that use Social Security numbers to identify students are becoming an increasingly vulnerable target.

A year ago the vulnerability of students was highlighted when a student at the University of Texas at Austin hacked into the school's computer network and downloaded the names and Social Security numbers of more than 55,000 students, faculty and alumni.

To protect against ID theft, the university was in the process of converting all student identity numbers before the hacker attack, a process that is taking years and costing millions of dollars. Texas ranks second in the nation in reported identity thefts, according to the FTC. The same study shows that the number of victims reporting identity theft rose 44 percent in Texas last year compared with 33 percent nationwide.

"Changing a system like this is a hugely complicated problem," said Dan Updegrove, vice president for information technology at the University of Texas at Austin. "Colleges are required by law to collect Social Security numbers for anyone they pay and for federal financial forms; so it seemed perfect to use them as student ID numbers."

Universities are at risk because of the expansive and interconnected nature of computer networks, often with varying levels of security, that store student information. In addition, students make appealing targets because they generally have clean credit records and are not accustomed to regularly checking their credit reports.

"The problem is that the crime can go unnoticed for so long," said Gordon, who is now the director of victim services at the Identity Theft Resource Center in San Diego. "People at that age are just not thinking about things like their credit history. They don't understand how they work, which makes them more vulnerable."

Those who suspect that they may be the victims of identity theft should contact the three main credit reporting agencies that track consumer credit histories, file a police report and clear their records with individual credit card companies, a process that took Gordon eight years. The FTC estimates that Americans spent 300 million hours resolving ID theft cases last year.

Once an identity thief has a Social Security number, they can also get the name and birth date of the potential victim through a variety of legal online sources. With this information, thieves can apply for credit cards.

The UT-Austin case prompted the Texas Legislature to pass a law prohibiting schools from using Social Security numbers as student IDs. Six other states have passed similar laws.

Part of the problem is the ubiquitous use of the unique number. "Now the problem that many universities face is how to minimize the exposure of the numbers," said Updegrove, who has managed computer systems at Yale and the University of Pennsylvania.

Chris Hoofnagle, deputy counsel at the Washington-based Electronic Privacy Information Center, said the key to curtailing identity theft was to put the "Social Security genie" back in the bottle.

"We need to get the SSN out of circulation," he recently told a congressional hearing. He said colleges and universities should assign randomized identification numbers that would keep the Social Security number out of widespread circulation.

Despite warnings from the Social Security Administration that the number should not be used for other purposes, a 2002 study by the American Association of Collegiate Registrars and Admissions Officers found that 50 percent of the nation's universities use the government ID number to identify their students.

Some colleges cite the cost of changing their identity system as prohibitive, but even for those that do change to other numbers, security is not guaranteed.

Earlier this month, American University in Washington learned that loopholes in its Web site allowed anyone online to access student's Social Security numbers, dates of birth, tax filings and other personal information. The university's student newspaper reported that the information had been available to the public for more than a year.

An ongoing investigation has not shown whether anyone had accessed the data, said Todd Sedmak, director of media relations for American. American changed student identity numbers from their Social Security numbers years ago for security reasons, he said.

The University of Georgia last year required each of its 38,000 students to pay a $3 fee to change their student ID numbers to a randomly generated set of digits. However, the student's Social Security numbers were still used on aid forms and other state and federal documents that required them. Last month, hackers broke into the university's computer network and gained access to 45,000 student and applicant files containing credit card and Social Security numbers and birth dates dating back to 2002, said Tom Jackson, a spokesman for school.

American University, University of Georgia and University of Texas at Austin each contacted students and faculty whose private information was exposed on their systems, though there is no federal law requiring institutions to notify someone if their information has been stolen.

"We did everything we were supposed to do to give the students the best protection," Jackson said. "We changed the student ID numbers and had good security on our computers, but we were robbed anyway."

####

New

Articles

Television

Resume

Bio

Contact