Purdue notifies grad students, applicants of possible security breach

April 26, 2006

http://news.uns.purdue.edu/UNS/html3month/2006/060425.Smith.dataincident.html



WEST LAFAYETTE, Ind.- Purdue University's School of Electrical and Computer Engineering is notifying 1,351 individuals of a computer security breach involving their Social Security numbers.

"We have determined that an unauthorized person gained electronic access to a computer containing information belonging to current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships," said Mark Smith, head and professor of the School of Electrical and Computer Engineering.

"While there is no evidence that their files have been accessed, the potential exists. Consequently, we have sent letters notifying each of these individuals of the incident."

The information had been entered during the past three years as part of an application process for graduate and undergraduate programs in the School of Electrical and Computer Engineering. The unauthorized access occurred in February.

"We deeply regret this incident, and we are taking steps to ensure that this does not happen again," Smith said. "Purdue University and its School of Electrical and Computer Engineering are committed to protecting the information and privacy of our students, faculty and staff."

Smith said his letter outlined steps those affected can take to check their credit reports and safeguard against identity theft.

"Unfortunately, technology that allows us to obtain and process information so easily can be misused by those with dishonest motives," Smith wrote in the letter. "Unauthorized access to computers is a global problem that concerns every business and organization. This is exacerbated by the fact that, in the years before identity theft became a concern, Social Security numbers were used routinely for identification.

"Removing Social Security numbers from all of the university's business practices is an enormous and expensive process, but the university has mandated that every possible step be taken to solve this problem by the end of this calendar year."

More information about Internet security is available online.

Writer: Jeanne Norberg, (765) 494-2084, jnorberg@purdue.edu

Purdue News Service: (765) 494-2096; purduenews@purdue.edu

[an error occurred while processing this directive]