GU Breach Found Almost 3 Weeks Ago

March 5, 2006

By Caryle Murphy, Washington Post Staff Writer

A cyber attack on a Georgetown University computer server that exposed personal information on 41,000 elderly District residents was discovered almost three weeks ago during a routine, internal inspection, a university spokesman said yesterday.

The break-in, first disclosed by the university Friday, was not reported earlier because "it took some time to understand the nature and scope of the intrusion," spokesman Erik Smulson said.

Additional time was needed for the U.S. Secret Service -- the federal agency that investigates identity theft -- to examine the compromised server and for the university to set up a Web site and a hotline to inform the public about the attack, Smulson added.

The invaded server was used by a researcher to monitor services provided to the elderly for the D.C. Office on Aging. The personal information, including names, birthdates and Social Security numbers, was supplied by about 20 groups that contract with the Office on Aging to serve the elderly.

University computer security specialists first became aware of the intrusion Feb. 12, Smulson said, and after attempting to determine the extent of the breach, the university contacted the Office on Aging on Feb. 24. By Friday morning, they concluded that the attack may have exposed up to 41,000 names. That is the cumulative total entered into the server since the researcher's grant began in 1983.

Georgetown University is attempting to locate addresses for the 41,000 individuals to mail them letters informing them of the breach. Smulson said some people may be deceased or impossible to track down.

Meanwhile, the university is urging people who believe their name was exposed to set up a fraud alert on their credit file. It has provided information on how to do that at .

Information is also available at a toll-free number, 866-740-2458.

[an error occurred while processing this directive]