Computer hacking affects 679 employees at IPFW

May 25, 2005

By Sheena Dooley

About 679 Indiana University-Purdue University Fort Wayne employees could be victims after a hacker tapped into a Purdue University computer network.

Tuesday, IPFW administrators urged employees to monitor their financial and credit reports for unusual activity.

The computer access occurred while software developers were updating a computer program at Purdue University in West Lafayette. The program contained university credit card information and the Social Security numbers of employees, and retired and former employees. Some of IPFW's employees are paid by Purdue University.

“They added a new capability and didn’t think of a weird way someone could slip in the back door,” said Bob Kostrubanic, IPFW’s director of information technology systems. "It's like someone probing your coat to see if they can get your wallet out." Officials learned what happened after the developers noticed unusual activity earlier this month. Purdue officials found 11,360 staff Social Security numbers were listed on the computer network’s hard drive. They were unable to determine if the hackers actually swiped the information, but the opportunity to do so existed, said Jim Bottum, Purdue’s vice president for information technology.

Employees throughout the university system who were directly affected received letters this week informing them their names and personal information had been compromised. Purdue officials recommended employees have a fraud alert attached to their credit report. IPFW associate chemistry professor Bob Berger was among those who followed that advice.

"I probably won’t lose any sleep over it," Berger said. "It bothers me though that somebody can get access to this information. It makes me angry that there are people out there who are going to hack into computer systems that they have no business hacking into."

Officials said there is no way to tell who hacked into the network. Instead, their investigation will center on how the intruders gained access, Kostrubanic said.

Though Purdue recently beefed up security on its computer network, the real challenge lies in how to store the data on those networks, Bottum said.

The university system started moving away from an employee identification system that relies on Social Security numbers last year. That process was expected to be completed by the end of 2006, but officials said this incident could accelerate that timetable.

main page ATTRITION feedback