The report, prepared by consulting firm Cedric Bennett & Associates, also found that the university had attempted to manage information security in a decentralized manner, according to a report in the Honolulu Star-Advertiser newspaper.
The most recent data breach at the university, which was disclosed in November, involved the placing of personal information for more than 40,000 students on an unsecured website.
In addition, the Liberty Coalition issued a report last year in which they estimated that close to half a million personal records have been breached in the state of Hawaii, with more than half of those breaches occurring at the University of Hawaii.
To counter the lax security at the university, the report recommends that the university develop a well-funded, centralized information security program.
A lawsuit has been filed by Philippe Gross and Grande Law Offices against the university over the data breaches. This week, lawyers for the plaintiffs requested that the report results be released to the public, which the university did on Wednesday.
Attorney Thomas Grande said that the university has refused to settle the case and that he has filed a motion for class certification, with a hearing scheduled in September.
University spokeswoman Lynne Waters told the newspaper that the lawsuit is “totally without merit”, and the university plans to file a motion to dismiss the suit.