The University of Hawaii has bad luck with technology, especially when it comes to security. This semester is no exception.

Last year it was dealing with security breaches that compromised the private information of tens of thousands of students.

This year, UH is dealing with a rash of phishing emails targeting UH faculty members, employees and students.

An Aug. 16 email to the UH community announced that “The University of Hawaii is seeing an increase in phishing emails targeting members of the University of Hawaii community.”

These phishing emails claim to be from UH stating that in order to ‘validate’ or
‘upgrade’ your account you must send personal information such as:

  • your UH username or email account
  • password
  • date of birth, social security number or even bank account

DO NOT RESPOND to such emails. The University of Hawaii will NEVER ask
for your UH username or email account and password in an unsolicited
email message.

While the email provides a timely warning about sharing private information, it doesn’t tell the whole story.

My roommate, a grad student in UH’s Educational Technology program, informed me that at least one of the phishing emails came from people within the UH community, because it was a “reply to all” on a campus-wide email list.

Maybe that email was a joke, and maybe it wasn’t. Either way, it highlights a loophole in the university’s security when anyone within the network can issue campuswide or systemwide emails without being screened.

Add to that a system crash this week that has temporarily halted issuance of UH ID cards and department badges, and the university seems to have gotten off on the wrong foot this year.

About the Author