Campus files away data exposure incident

The IT Division and Associate Provost’s Q and A saw low attendance

Newswire photo by Michael Rauber | Campus was alerted last Wednesday that cheating-prevention software installed on computers in three labs in Smith Hall and the Conation Learning Commons left student data exposed. There is no report of a data breach.

Associate Provost Jeff Edwards hosted a Q and A session alongside the IT Division on Friday for students to learn more about recent data vulnerability in computer labs on campus. Business analytics and information systems professor Dr. Lauren Laker also contributed. There have been no signs that any information was stolen, only that there was opportunity for the data to be breached. Edwards made it clear that the data exposure does not mean that there was a data or security breach.

Edwards sent an email out last Wednesday informing the campus community that computers in the Trading Center in Smith, Smith Room G28 and Conaton Learning Commons Room 207 were affected by the data security incident. According to the email from the IT Division, the software that led to the exposure was originally installed to prevent cheating during tests and has since been removed. This software was only installed in the affected rooms.

Those who have used computers in these facilities since the fall of 2017 are being advised to change their passwords. This includes a change of passwords in Xavier accounts as well as any other accounts that someone may have used on these computers, such as Gmail or social media.

“It can be a pretty big deal,” junior Philosophy, Politics and the Public and computer science double major Elizabeth Bagley said. She further explained that “it depends what kind of data they can get to, but without strong passwords… a breach like this leaves individuals open to identity theft.” Bagley added that identity theft is only a concern for extreme cases.

Edwards asserted that information would not have left Xavier’s system because of firewall security. The test taking software installed could not track everything the users do on a computer and could not release information as personal as Social Security numbers or bank records.

Students at the Q and A session raised questions of cyber security awareness and bringing attention the importance of cyber literacy. One student suggested that students be required to go through complete cyber security training either on the first day of classes or during Manresa. Xavier faculty and staff are currently required to complete cyber security training.

Other students expressed concern that Xavier students might not understand the severity of the situation. They pointed out that some students have simply brushed off the incident and fewer than 20 students felt compelled to attend the Q and A session.

Miranda Cocca, a senior entrepreneurship and marketing double major, shared that being in one of Laker’s classes opened her eyes to the severity of a potential data breach.

“It has given me a greater respect for some of the Xavier faculty, as they have demonstrated a true care for their students,” Cocca said.

Cocca and Jack Graber, a senior business analytics major who attended the panel, both shared that they were appreciative of Laker and Edwards for maintaining open communication with the student body regarding the incident.

“Dr. Laker and other professors recognized that many Xavier students didn’t realize the significance of the incident, which is why clear communication to students was, and still is, so important,” Cocca said.

Gaber hopes that the university takes this incident as a lesson and will be more pro-active in the future.

“I still believe that this issue should have never happened. I hope that this scare is going to pave the way for the future of Xavier University’s data security systems and an action plan for the students if something like this happens again,” Graber said.

By: Michael Rauber | Staff Writer