Data thieves strike Georgia Tech

March 31, 2003

By Robert Lemos, Staff Writer, CNET

Online intruders broke into a server containing the credit card numbers of some 57,000 patrons of a Georgia Institute of Technology arts and theater program, a university official said Monday.

The online intrusions, which are thought to have occurred over the last two months, were only discovered in the past week or so, said David Terraso, a Georgia Tech spokesman. Both the Georgia Bureau of Investigations--an independent resource for the state's law enforcement personnel--and the FBI have started investigating the matter, he said.

"We sent out an e-mail to the people affected," Terraso said. He referred further questions to a Georgia Tech Information Security Center representative who wasn't immediately available for comment.

The break-in came shortly after Georgia Tech became the first university in the state to do away with reliance on Social Security numbers. As of March 1, the university stopped using Social Security numbers as the primary way to track student data, according to the school's Web site.

The incident is the third known Internet break-in at a U.S. university within the last several months.

Nearly 55,000 Social Security numbers were stolen by a student who took advantage of a security flaw in a key administrative database at the University of Texas at Austin. Investigators accused University of Texas student Christopher Andrew Phillips of the theft in mid-March.

In January, the University of Kansas acknowledged that online attackers had snagged the records of 1,400 international students.

Ironically, the latest victim is no slouch in terms of security. Georgia Tech is recognized by the National Security Agency as a "center of academic excellence" in information security assurance education.

main page ATTRITION feedback