McComb Enterprise-Journal

Print this Article

Email this Article

SMCC breach could cost $140,000-plus

By Allyson Reynolds Dixon | Enterprise-Journal
Posted: 11/03/08 - 01:22:19 pm CST

The cost of cleaning up a security breach that occurred last month at Southwest Mississippi Community College could range upward of $140,000. While the school is insured for the breach, officials say that ensuring the financial safety of its students and employees would be worth every penny.

The breach, which affected 6,792 students and employees, occurred when a crashed server was brought back online, the college has said.

The leaked information dated back to 2002.

SMCC President Dr. Oliver Young said last week that the college has notified all potential victims and is urging them to take advantage of fraud alert protection and other services the college is making available through the Identity Theft Resource Center, a California-based nonprofit organization.

The college hired the center within hours of learning of the breach, Young said.

The cost of fixing the problem will be based on how many students take advantage of the fraud alert services through Identity Theft Resource Center, said Grady Smith, vice president of business affairs.

“If everyone on the list took advantage of the fraud alert, the maximum would be — plus hiring the company and stamps (for the notification letters) — would be in excess of $140, 000,” Smith said.

“But … based on this company and what the insurance company told us, the average response in a case like this is roughly 20 percent response to an offer to get fraud alert or credit monitoring. So that’s like a little over $30,000, and we are insured.”

As of Oct. 31, 641 of the people affected had responded to the offer for fraud alert notification.

Young said the college went the fraud alert route because it occurs when a person opens an account in someone else’s name, whereas credit monitoring occurs only after charges on an account have been made.

SMCC vice president of instruction Alicia Shows said no credit card numbers or bank account information was involved, although students’ Social Security numbers were leaked.

The information “really only would be something you would use to create a new account,” she said. “So the fraud alert is a lot more proactive.”

Shows said the resource center was complimentary of the college’s response.

“Within a week of the first time we were notified, everything was removed, everyone was notified, and they said that was a tremendous effort for the people here and that it showed we were really working toward being fair to the students and employees affected,” Shows said.

The incident was not the first breach in Mississippi.According to the watchdog site privacy records.org, the SMCC breach was the fifth in the state, dating back to an incident with several thousand city workers and water system customers in Hattiesburg in 2006.

Perhaps the largest breach in Mississippi occurred when the secretary of state’s Web site listed more than 2 million filings in which thousands of Social Security numbers were exposed. In December 2006, the private information for approximately 2,400 students and staff was posted on the Mississippi State University Web site. The only other incident affected an undetermined number Winn-Dixie pharmacy customers in Pascagoula.

One of the largest breaches that could have involved area students occurred in July 2007 when the Louisiana Board of Regents discovered that the private information for 80,000 students and staff had been posted on the Internet for up to two years.

The SMCC breach was one of many that happen nearly every day. A check of privacy records.org, which updates security breaches daily, shows that approximately 266 have occurred in 2008, and more than 245,207,093 records have been compromised since 2005.

“If you look at the list of occurrences, it’s just about every other calendar day,” he said. “This has been going on really since technology and the Internet and paying bills on the Internet. … It shocked me. I had no idea that it was so frequent.”

Our Other Stories
SMCC breach could cost $140,000-plus Man charged with assaulting official Senate candidates make final pitches Down to the wire: Candidates on all-out dash to lure voters

Or, as the watchdog site indicates, that it could happen to anyone — from disabled veterans to the families of high school students to pharmacy customers.

“Mississippi State has a cyber crimes department … and if it can happen to them with their expertise and the resources they have to prevent something, then that pretty much tells you it can happen to most anyone,” Young said. “The equipment, the servers, etc., are not completely failsafe, I guess.

“My information was out there, some of my children’s information and other employees, their information was out there,” Young said. “And you know that we do everything we can, not only to protect our employees, but our students.”

Let us know what you think about this story or topic.

Fay Beard wrote on Nov 5, 2008 6:51 PM:

" I am one of those students since 2002 until now. I hope this dose not happen again. I did take out the fraud alert they gave us but, it is only for one year. and we have to do all the work. contact the credit people and try to keep track of all this. like going to school isn't stress enough now we have to worry about some one stealing our ID. Great job SMCC. "

Disillusioned wrote on Nov 3, 2008 11:17 PM:

" For the individuals possibly affected by this security breach, will they feel reassured with todays report? Will those possibly affected be forever looking over their shoulders for days, months, and/or years to come? For those individuals, has the institution provided experts in identity thief to calm their possible panic and fears? How will this institution react to other possible events in the future? Will those 6,792 individuals be convinced that because there are security breaches all around them, that they should take such things in stride? First, the report indicated 1,000 students. This first news report reached NBC affiliates (websites) in New York State and California. Most newspapers owned by Garnett Publishing printed the story. Now the public knows this event included more than students, it included the employees as well. "

SMCC Faculty member wrote on Nov 3, 2008 10:17 PM:

" This is a terrible accident. Alicia Shows is not completely at fault. The tech people at SMCC do a fine job. Southwest is behind the times. The Board has kept the school from making vital improvements. Pres. Young's decision to wait in releasing the information is .... Poor administration. "

Augustus wrote on Nov 3, 2008 7:27 PM:

" Wow one hundred And fourty Thousand Dollars to fix a big mistake. Well When SMCC Makes A mistake They make it big. "

Your comment may not immediately appear on this Web site. We appreciate your patience.