Carnegie Mellon business school reports data breach

April 21, 2005

By Linda Rosencrance,10801,101230,00.html

APRIL 21, 2005 (COMPUTERWORLD) - Carnegie Mellon University's Tepper School of Business has notified 19,000 students, alumni, faculty and staff that their personal data may have been compromised, according to university spokesman Mike Laffin.

The business school learned of the incident on April 10, when the university's IT Computing Services Office noticed unusual activity on the business school's computer network, Laffin said.

After discovering a potential breach, Computing Services disabled, inspected and secured all servers and PCs, he said. It also posted a statement online describing the incident.

Laffin said the university sent e-mail notices, followed by hard-copy letters, to the affected people. "There is no evidence that there has been any unauthorized use of the personal information," he said.

The compromised information included Social Security numbers and grades for the master's alumni classes of 1997 through 2004, job offer information for the master's alumni classes of 1985 through 2004, contact information for all alumni, and Social Security numbers and grades for the doctoral alumni classes of 1998 through 2004.

Laffin said that approximately 5,000 to 6,000 of the 19,000 affected individuals had their Social Security numbers and credit card information compromised.

The Tepper incident is similar to computer breaches reported in recent weeks by other universities, including Tufts University in Medford, Mass., and Boston College (see story).

main page ATTRITION feedback