Stark State Web site’s security breached

August 30, 2005

Ed Balint

Some Stark State College of Technology students were surprised Sunday night when they tried to check their personal information on the school Web site.

The students couldn’t access their own grade in sociology, how many thousands they get in student loans, and whether they are on the dreaded academic probation.

Instead, the personal information of another student — selected randomly due to a computer software glitch — popped up: Social Security number, grade-point average, course load and whether a student completed that math course.

For example, when a student tried to review his or her own class schedule by punching in his or her Social Security number and personal identification number, another student’s information popped up randomly, not his or her own.

“If that happened to me, I would be really upset,” said Ashley Liebig, 20, of North Benton, an accounting major at Stark State. “The Social Security number is important, it’s kind of like your lifeline; it holds every single piece of information for you.”

“Thank God someone told me,” Liebig said, referring to The Repository. “I better check my stuff out.”

The college learned of the problem Monday morning through e-mails sent by students, said Irene Lewis Motts, director of marketing and communications at Stark State. The student portion of the Web site was out of service until about mid-morning Monday.

The security breach apparently occurred between roughly 9 p.m. and midnight Sunday, before the student-accessed part of the computer system automatically shut down, as it routinely does each night to back up the files, said Lewis Motts.

Students were most likely checking their schedules before the first day of classes Monday. Apparently there was no way to control whose file showed up.

David Sigmund was not especially worried that his personal information was viewed by another student.

“I was a little surprised,” the 52-year-old part-time student said. But since the glitch apparently occurred for a few hours, “I’m not really concerned about it. I can’t imagine there was anyone from South Africa looking for something.”

Lewis Motts agreed.

“I think for the most part our students are honest and very hardworking,” Lewis Motts said. “We don’t anticipate any problems. We certainly apologize for this error and have certainly done everything to correct this so it doesn’t happen in the future.”

Information for each of the 7,058 students at Stark State is accessible on the Web site through individual Social Security numbers and personal identification numbers. Ordinarily, students can pull up their own data, but nobody else’s.

Some other colleges use similar password-based systems.

Stark State student Brandon Stauffer, 19, of Canton was concerned.

“I’ll sue the school,” the fire science major said. “Seriously, that’s crazy. That’s personal information and that’s not cool.”

Personal information of at least 15 students was compromised, Lewis Motts said, based on the 15 e-mails the college received about the problem. Determining the extent of the leak was not possible, she said, since some students may have noticed it but not reported it.

Each of the 15 inquiries received an explanation and an apology, Lewis Motts said. An announcement to the student body at large was not planned, she said Monday afternoon.

Lewis Motts blamed the breach on a computer glitch, not a hacker who infiltrated the system in an attempt to disrupt it or intentionally steal information. The software, provided by Computing Options of Maryland, has been used for about three years without problems, she said.

“They’ve tested it repeatedly,” Lewis Motts said Monday afternoon. “I would say this was an unfortunate glitch, but we’ve seemed to fix the problem, and hopefully we won’t see any further problems.”

“Patches” were provided by Computing Options and installed by the college’s computer services department, Lewis Motts said.

Some students interviewed by The Repository found it odd that the computer mix-up occurred at a college specializing in technology. Course work is offered in computer forensics and security.

“There is some irony in that,” Lewis Motts agreed, “but I think it shows how vulnerable all of us are to computer problems.”

main page ATTRITION feedback