Main Nav

GAO Releases Report on Data Breaches and Identity Theft

The Government Accountability Office (GAO) has released a Report on Data Breaches that concludes while "breaches of sensitive information have occurred frequently and under widely varying circumstances, . . . the extent to which data breaches have resulted in identity theft is not well known." It further concludes that "should Congress choose to enact a federal notification requirement, use of a risk-based standard could avoid undue burden on organizations and unnecessary and counterproductive notifications of breaches that present little risk."

Some further higher education references in the report:

  • EDUCAUSE, a nonprofit association that addresses technology issues in higher education, conducted a survey in 2005 on data security at higher education institutions in the United States and Canada. Twenty-six percent of the 490 institutions that responded said they had experienced a security incident in the past year that resulted in the compromise of confidential information." (page 16)
  • Representatives of the American Council on Education and two other higher education associations stated that while data breaches at colleges and universities were not uncommon, they were aware of little to no identity theft that had resulted from such breaches. (page 23)
  • 7 higher education institutions are identified (although not by name) among the 24 large publicly reported data breaches from January 2000 - June 2005 that were examined by the GAO which included interviews with educational institutions. (page 26)
  • There are also costs associated with actual notifications - potentially including printing, postage, legal, investigate, and public relations expenses . . . Entities also may incur costs related to staffing call centers to field inquiries from consumers about the breach. For example, representatives of the University of California at Berkeley told us that following a 2005 breach of 98,000 records, the university spent $75,000 in staffing, telecommunications, and other call center costs. (page 34)

The report also makes frequent reference to the President's Identity Theft Task Force Report released in April.


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.