Ohio University, a school that has become a poster child for lax computer security, says it will spend up to $4 million this year to upgrade its network.
The announcement comes after an audit revealed that for 10 years the university's Computer Services department spent too little on firewalls while spending big on cell phones and gym memberships for employees.
That's the reason the school's computer system became a hacker amusement park. The University began investigating at least five separate Internet intrusions in April, which resulted in the compromise of personal data for more than 300,000 students and alumni. At least one of the school's computer servers was accessible to electronic bandits for at least a year and possibly much longer--an unprecedented amount of time, according to one security analyst
Much of the $4 million investment will be used to "improve containment of servers," upgrade IT policies and procedures and add two more IT security personnel, the school said in a statement on its Web site.
Also, Ohio University is moving to fire two administrators named in the audit as being "primarily responsible" for the security lapses, according to the online edition of the Columbus (Ohio) Dispatch.