The University of Hawaii's adjustments to improve data protection of student information following a recent data breach did not go far enough, victims' attorneys recently asserted.
In a report recently obtained by Hawaiian television station KITV4, the attorneys alleged that university officials have not adequately proven that they are prepared to protect student and employee data in the event of another breach.
According to the news provider, the attorneys' report highlights four high-profile breaches that exposed the data of 100,000 current and former student and university employees. In response to the data security failures, the report offered 22 changes that would supposedly bolster data protection efforts.
One of the most recent breaches was revealed last year, when the university notified 40,000 former students that their names, Social Security numbers, addresses, birth dates and educational information had potentially been breached when a faculty member inadvertently accessed the information on an unencrypted web server.
The university said it promptly removed the exposed information and disconnected the server after discovering the breach.
However, the attorneys for the victims of this and the three other data breaches claim that, overall, the university has not done enough. According to the KITV4, the report cites a lack of funding and a poor data management system as the primary shortcomings.
"We've yet to see the plan and we've yet to see the budget," said attorney Tom Grande, according to the news source. "It's really a matter of restoring public confidence. They need to be forthright and up front about what they are doing and let the public know."
These data breaches underscore a growing need among universities to enhance data protection efforts, particularly in terms of employee security training. In addition to reputational damage, data breaches can result in fines for regulators and, as is potentially the case for the University of Hawaii, class-action lawsuits.