Network intrusion prompts Stanford to warn of possible data theft

May 27, 2005

By Todd R. Weiss

http://www.computerworld.com/printthis/2005/0,4814,102075,00.html



MAY 27, 2005 (COMPUTERWORLD) - Stanford University is notifying about 9,600 users of its Career Development Center of a network intrusion on May 11 that may have exposed their names, Social Security numbers and other personal information. Notices of the attack are being sent through the U.S. Postal Service or e-mail to students and alumni who have used the Career Development Center since 1995 to help find jobs, said Debra Zumwalt, an attorney in the university's office of general counsel.

As part of its security policy, the school immediately notified the San Jose field office of the FBI, which is investigating the incident, Zumwalt said. The attacker has not yet been identified.

Stanford network administrators discovered the electronic intrusion through their regular monitoring of the system, Zumwalt said. The intruder apparently accessed the Career Development Center system on May 11, but it is not known if any of the names, Social Security numbers or other data was copied or accessed, she said. No credit card information for individuals was included in the records, she said. The names and credit card information for some companies that had registered as prospective employers were also in the database.

After the intrusion was detected, the center's servers were disconnected from the university network and analyzed. Changes have been made to the system to prevent another attack, but the school does not comment on security improvements it makes, Zumwalt said. "We do care a lot about the security of our system," she said. "We don't want people hacking into our system."

The intrusion is the latest in a string of data theft and data loss incidents.

In March, officials at the University of California, Berkeley, had to notify more than 98,000 graduate students and applicants about the theft of a laptop computer on campus that contained their names, Social Security numbers and other personal information (see story).

In another incident at the same school, hackers infiltrated a research database last October that included files on 1.4 million people (see story). The files contained account information on recipients and providers participating in a program that provides home-care services to low-income elderly and disabled Californians.

Last September, the disappearance of a laptop hard drive at California State University forced the school to notify anyone whose personal information might have been stolen. The hard drive, which contained the names, addresses and Social Security numbers for some 23,000 students, faculty members and employees at seven CSU campuses, was believed to have been accidentally thrown away after an IT technician replaced it.


main page ATTRITION feedback