Add as a preferred source on Google


News

Audit Blames Funding, IT Priorities for University's Lax Security

Ohio University's Computer Services department was running seven-figure surpluses and spending on generous benefits for employees while it was failing to make adequate investments in firewalls and other computer security measures, according to an outside consultant's report.

The university is in the midst of investigating five cases of data theft since March 2005 in which 367,000 files containing personal information including Social Security numbers, names, medical records and home addresses were exposed.

The audit criticizes the university's Computer and Network Services division for making security a low priority for more than 10 years, though it had an annual budget averaging $11 million and annual surpluses averaging $1.4 million.

The outside consultants, from Moran Technology Consulting of Naperville, Ill., also found the department gave about 65 employees health-club memberships and other additional benefits not enjoyed by other workers at the university.

Not enough skilled computer staff and computer officials who did not "firmly and loudly identify important security problems" contributed to data theft, the audit said.

The audit details a profound problem, said R. Gregory Brown, chairman of the school's board of trustees. Trustees on Friday approved spending up to $4 million to secure university computers.

The university announced April 21 it had discovered a computer breach at its training center for fledgling businesses. Since then, electronic break-ins also were reported at the school's alumni office, health center and the department that handles records for businesses the university hires.

Students, alumni and employees have been told to run credit checks and place fraud watches on their credit card and bank accounts. About two dozen people with ties to the university have told the school they were victimized by identity theft in the last year.

The director of the department, Tom Reid, and the Internet and systems manager, Todd Acheson, have been suspended pending a school investigation.

"It's going to take a long time to develop a cogent response," Reid said. "I'm eager to have the facts come out."

Featured

  • Microsoft Dismantles RedVDS Cybercrime Marketplace Linked to $40M in Phishing Fraud

    In a coordinated action spanning the United States and the United Kingdom, Microsoft’s Digital Crimes Unit (DCU) and international law enforcement collaborators have taken down RedVDS, a subscription based cybercrime platform tied to an estimated $40 million in fraud losses in the U.S. since March 2025.

  • Sound Wave Illustration

    CrowdStrike's Acquisition of SGNL Aims to Strengthen Identity Security

    CrowdStrike signs definitive agreement to purchase SGNL, an identity security specialist, in a deal valued at about $740 million.

  • Microsoft Acquires Osmos, Automating Data Engineering inside Fabric

    In a strategic move to reduce time-consuming manual data preparation, Microsoft has acquired Seattle-based startup Osmos, specializing in agentic AI for data engineering.

  • Linux Foundation Unites Major Tech Firms to Launch Agentic AI Foundation

    The Linux Foundation today announced the creation of a new collaborative initiative — the Agentic AI Foundation (AAIF) — bringing together major AI and cloud players such as Microsoft, OpenAI, Anthropic and other major tech companies.

Most   Popular