HOLLYWOOD, Md.—An audit of the operations of St. Mary's College of Maryland that lasted for three years showed that the college had problems securing important information on its computer databases including personal information of faculty and students alike.
Also, the audit found that the public honors college failed to always get proper cost documentation from its food service vendor regarding how much the college was billed.
The food service bill alone for the college was $4.2 million for 2015, the report from the state's Office of Legislative Audits stated.
The last finding of the audit showed that the college did not independently check on payouts for accumulated leave; in one case the lack of oversight resulted in the over-payment of $10,000 to an employee who was retiring from state employment.
St. Mary's College of Maryland is part of the University System of Maryland.
The sensitive information noted in the report included in some cases names, birthdates and even social security numbers of both employees and students; the report stated that contained in the database was unique personal information on 117,194 "individuals."
"In addition, we determined that this sensitive [information] was not protected by other substantial mitigating controls," the audit stated.
Further the audit found that the college's computers' were not adequately protected against malware and the college also did not have proper assurances that the malware protection software installed on its computers was operating properly.
As of February of this year, the report stated, the college had 314 computers on campus that did not have malware protection software installed.
"College personnel advised us that this information was unreliable because it included numerous retired computers that had not been removed from the college's network directory of computers and that certain computers were configured to report to an outdated malware protection tool rather than the current malware protection tool," auditors stated in their report.
In a response to the audit, college officials agreed with many of the findings and agreed to find ways to mask critical personal information from those who have no need to see it and to ensure that malware was installed on its computers and its database.
The college also agreed that it needed to do a better job of ensuring the payments to its food service vendor were verified and legitimate.
For more local stories from the County Times newspapers, visit ct.somd.com