Hacker attacks college server

July 7, 2005

By Amy Davis, The State News


More than 27,000 students were informed by e-mail on Tuesday that their Social Security numbers could have been compromised by an attack on the College of Education's server.

The server housed information that included student names, addresses, student courses and personal identification numbers. After the intrusion was discovered at the beginning of April, the server was taken off-line and a computer forensic investigation on the incident was started, said College of Education Assistant Dean Gail Nutter. Now, the college no longer maintains student Social Security numbers on its server.

Because personal information could have been accessed, Judith Collins, director of MSU's Identity Theft Partnerships in Prevention and associate professor of criminal justice, said students should immediately call their credit companies to put a fraud alert on their accounts.

"If someone has a name and Social Security number, they can apply for a credit card, so this is a major issue," Collins said. She added that no business or university is immune to intrusions.

Curriculum and teaching graduate student Nick Husbye said he isn't concerned about the security of his personal information, but he wished the university had warned students of the intrusion earlier.

"If they knew in April, it would have been more pertinent to let us know then, but I'm going to trust my college that they had a reason to let us know now," Husbye said.

Husbye said he will continue to keep an eye on his credit report. "That is what you should do anyway - you just need to be vigilant about your own stuff," he said.

The attack on the College of Education server is the latest in a string of similar intrusions on MSU servers. Last week, an intrusion was discovered within MSU's Department of Human Resources, which could have allowed the culprit to gain access to the Social Security numbers of all MSU employees and retirees.

David Gift, vice provost for Libraries, Computing & Technology, said MSU's policy of fully disclosing all intrusions gives the illusion that it's happening all of the time.

"These security breaches are happening so frequently these days that it doesn't matter if you know about the intrusion," Gift said, adding that unknown intrusions can happen almost as frequently and are a greater threat.

The university is taking a number of steps to protect sensitive information, Gift said. MSU is bolstering work security and minimizing sensitive information's potential exposure by eliminating personal data that doesn't need to be stored for a long period of time.

Gift said most computer intrusions are done for reasons other than to steal data, such as people seeking file space to illegally move files around. He added that it's difficult to determine the culprit of any hacking attempt because the culprits take extra measures to disguise their identities.

Adult education graduate student Jonathan Lembright received the e-mail about the computer server break-in and said he wasn't very concerned about the attack.

"I trust that MSU is doing their best to see our security is watched," Lembright said.


Amy Davis can be reached at davisam8 at msu.edu. Staff writer Maggie Lillis contributed to this report.
