BC warns its alumni of possible ID theft after computer is hacked

March 17, 2005

By Hiawatha Bray, Globe Staff

http://www.boston.com/business/technology/articles/2005/03/17/bc_warns_its_alumni_of_possible_id_theft_after_computer_is_hacked/



Boston College has sent warning letters to 120,000 of its alumni, after a computer containing their addresses and Social Security numbers was hacked by an unknown intruder.

College officials say they have no reason to believe the intruder was looking for personal information to steal; instead, the attacker planted a program that would enable him to use the computer to launch attacks on other machines. But the school is taking no chances, because of the sensitive information stored on the computer.

"As a precaution we have chosen to alert the entire database, which is upwards of 100,000 individuals," said Boston College spokesman Jack Dunn.

The breach at the college takes place amid rising concern over identity theft, and the recent break-ins at information brokers ChoicePoint and LexisNexis.

The compromised machine at Boston College was not run by the school, but by an outside contractor that Dunn did not identify. It was one of a group of computers used in the school's fund-raising activities. Boston College students use the machines to look up names and phone numbers of alumni. They telephone them and ask for donations to the college. Such phone banks are a common feature at many colleges, Dunn said.

During a routine security check last week, Boston College computer security workers found that one of the computers at the phone bank had been compromised. The computer was immediately taken offline and tested in an effort to find what the attacker had been trying to do.

The investigation concluded that there was no evidence of identity theft. The school also concluded that the hack wasn't an inside job. "There's no evidence to suggest that this involved anyone from the Boston College community, but instead was an external hacker," Dunn said.

But investigators couldn't be absolutely sure that the intruder hadn't also collected some personal information on alumni, such as their Social Security numbers. Dunn said that including Social Security data in the alumni files was a matter of custom. "Every university in the United States, for decades, used Social Security numbers as identifiers from alums," he said. "As a result of the breach, we have taken immediate actions to purge all Social Security numbers for this particular computer, and from all alumni records."

The letter to alumni urges them to take precautions to protect their identities and financial accounts. They're told to contact their banks and warn them that their Social Security numbers may have been stolen. The letter suggests obtaining copies of credit reports to check for unusual activity. Alumni are also urged to ask that a "fraud alert" be put on their credit reports.

Such alerts will prevent banks and credit card companies from making new loans without double-checking with the account holder. A complete list of suggested remedies is posted on the Boston College website at www.bc.edu/alert.

Dunn said the precautions made sense for anybody worried about identity theft. "As a precaution," he said, "people should do this on a yearly basis anyway."

