Running Head: CHAOS IN COLLEGIATE CYBERSPACE

Chaos in Collegiate Cyberspace

FVCproductions
July 18, 2014
Computer Programming II

!1

CHAOS IN COLLEGIATE CYBERSPACE

!2

Chaos in Collegiate Cyberspace

Introduction
Butler University is the last to take the hit in a series of recent attacks on universities
struggling to protect their members personal data. It is all common these days to find additional
compromises within these school systems that have been going on undetected for years. These
digital assaults pose serious cyber-security threat to those universities which have to pay millions
of dollars and an injury to their reputation in compensation for all the stolen sensitive research,
intellectual property, and personal data.
Article Summary
Butler University notified 163,000 staffs and students of a data breach on June 30 of this
year, according to an article originally published June 29 of this year by WHTR, Indianas News
Leader (Longnecker, 2014). According to the letter sent out to those affected, law enforcement in
California had alerted the university after arresting a suspect accused of identity theft who was
carrying a flash drive with personal information about Butler employees. The exposed data
ranges from the less harmful such as names and birth dates to more destructive details such as
Social Security numbers and bank account details, all stolen from what Butler believes to be,
regrettably, a remote hacking sometime between November 2013 and May 2014 (McCleery &
Wang, 2014). Even prospective students who never ended up attending Butler had information
stolen. Butler spokesman Michael Kaltenmark has stated that the suspect thats been arrested
has no affiliation with [the university] (Longnecker, 2014). Butler officials also assert that they
they were able to discover and consequently rectify all vulnerabilities in their IT systems and

CHAOS IN COLLEGIATE CYBERSPACE

!3

have gone so far as to offer a free one-year membership for a identity theft protection service
to all those directly impacted (McCleery & Wang, 2014).
Ethical Concerns
Higher-education data breaches relate most closely to Section 1.7 of the Association for
Computing Machinery (ACM) Code of Ethics which states that as an ACM member, one will
respect the privacy of others, and therefore make sure to maintain the privacy and integrity
describing individuals (ACM Council, 1992). It is clear then that the hacker in question, whose
name has yet to be publicly revealed, was not an ACM member. This brings to mind the fact that
those handling computer security at Butler University, were they members of the ACM, would
further hold responsibility, in this case, to take precautions in order to protect sensitive data of all
personnel in the university from unauthorized access or accidental disclosure to inappropriate
individuals (Code of Ethics, 1992).
In terms of what the HU Information Technology policy lays out to students and faculty,
data breaches at Hampton would be a rare event. Because the policy aims at making sure all
members of HU can be afforded privacy and cannot be unwillingly subjected to abusive
behavior, the crime of computer invasion is never tolerated. These guidelines even go so far as
to point out the Virginia Code 18.2-152.5, which criminally charges those who intentionally
examine employment, salary, credit, financial, or personal information without any authority
to do so (Hampton University Center for Information Technology, 2014).
However, to be fair, Butler University had equally reputable intentions listed in their
Computer Use Master Policy which lays out similar ground rules that every member should be

CHAOS IN COLLEGIATE CYBERSPACE

!4

mindful of when utilizing technology at Butler (Butler University Policy & Procedure, 2010).
Making note of this, it is vital for all universities to realize that even carefully planned out,
inscribed precautions may not be enough to sustain a privacy attack on the entire school given
valid security protocols that are currently in place. In addition to the universities being at a
terrible financial risk if they are breached, the IT departments have to pay the price by coming up
with even more strict regulations that can mitigate these attacks and provide the much needed
support for those that were potentially affected through the exposure of their personal
information (Virgillito, 2014).
Final Thoughts & Conclusion
This hapless breach of Butler could have been prevented, no doubt. However, data breach
insurance is both difficult to obtain and costly for any university. This is primarily because before
the institution can opt for insurance, insurance companies offering protection maintain a
checklist of what kind of computer architecture is required to comply with modern security
protocols (Virgillito, 2014). However, other measures of security that can be taken include
establishing stringent data security policies in which all members of the university are required to
strictly follow. Personally, I believe the advice of J.J. Thompson, the CEO of Rook Security,
which is a global provider of IT security solutions, bears great importance for the cyber-security
of all educational institutions (Ragan, 2014). He mentions three vital steps educational
institutions can take to prevent future breaches: identify where sensitive data is stored, confirm
current software can prevent and detect breaches appropriately, and ensure existing architectures
does what it is meant to (Ragan, 2014). Following this advice is a critical first step to a more safe
and secure campus virtually and physically in these newfangled times of ours.

CHAOS IN COLLEGIATE CYBERSPACE

!5

Bibliography

Butler University Policy & Procedure. (2010, March 1). Computer Use Master Policy. Retrieved
July 12, 2014, from http://www.butler.edu/information-technology/policies-security/
computer-use-master-policy/
Code of Ethics. (1992, October 16). Association for Computing Machinery. Retrieved July 12,
2014, from http://www.acm.org/about/code-of-ethics
Hampton University Center for Information Technology. (2014). Information Security. Retrieved
July 12, 2014, from http://cit.hamptonu.edu/page/Information-Security
Longnecker, E. (2014, June 29). Data breach at Butler exposes nearly 200K people. 13 WTHR
Indianapolis. Retrieved July 12, 2014, from http://www.wthr.com/story/
25900150/2014/06/29/data-breach-at-butler-exposes-nearly-200k-people
McCleery, B., & Wang, S. (2014, June 30). Cybersecurity expert says little risk from Butler data
breach. INDYSTAR. Retrieved July 12, 2014, from http://www.indystar.com/story/news/
crime/2014/06/30/butler-university-data-breach-affects-k-school-ties/11745909/
Ragan, S. (2014, June 30). Butler University data breach impacts 163,000. CSO Online.
Retrieved July 14, 2014, from http://www.csoonline.com/article/2429410/disasterrecovery/butler-university-data-breach-impacts-163-000.html
Virgillito, D. (2014, July 9). The State Of Data Breach In Universities | VPN Creative. VPN
Creative. Retrieved July 12, 2014, from http://vpncreative.net/2014/07/09/state-databreach-universities/