When I wrote this week about the breach at the University of Indianapolis, in which the personal data of some 11,000 students, faculty and staff was potentially compromised by hackers, I couldn’t help but think about that SNL Weekend Update skit called “Really?!”
It’s a hilarious segment where Amy Poehler and Seth Meyers make fun of famous people for lacking common sense.
Well in the case of this breach, I was just shaking my head when I read a quote from University President Beverley Pitts:
Our investigation leaves no doubt that this was a professional job from outside, and it was well beyond our control.
Really, Beverley!?! Beyond your control.
OK, first of all, the University of Indianapolis should be lauded for no longer using Social Security numbers as identifiers, something the federal government is currently evaluating itself. (It appears, in this case, the hackers lifted old credentials that were still floating around in some database).
And yes, colleges face bigger IT security challenges than a lot of verticals, due to their open environments, limited budgets and sometimes inexperienced staff.
But – to say it was beyond your control, in 2008, considering all the awareness and all the headlines and all the security solutions, is just plain senseless.
Maybe it was a poor choice of words, Beverley. But if you get breached, admit that there was a shortfall somewhere in your baseline and then immediately work on rectifying it so that it never happens again.
Don’t proclaim helplessness.