Hackers, laptop thieves compromise personal information of 17,500 at Ohio State in separate incidents

April 18, 2007

By Frank Washkuch Jr., SC Magazine


On March 31 or April 1, a hacker using a foreign web address cracked a university firewall and accessed the names, Social Security numbers, employee ID numbers and birth dates of more than 14,000 current and former staff members, according to a university statement.

The university sent letters to affected personnel, who were offered a year of free credit protection.

Of the victims, nearly 7,000 are current staff members, while more than 7,100 are former university employees.

The university, upon discovering the breach on April 2, blocked access to the exposed database and informed state and federal law enforcement authorities.

University spokesman Jim Lynch told SCMagazine.com today that experts from Cybertrust have been hired to investigate the hacking.

In an unrelated incident, the personal information of about 3,500 current and former chemistry students was compromised when two laptop computers were stolen from the home of a university professor on Feb. 24.

The laptops were likely not the target of the burglary, and were stolen with a number of other household items, according to Lynch.

Records stored in the laptops contained names, Social Security numbers and grades, according to the university.

Lynch said it.s likely the laptops may have been stolen by thieves not interested in or aware of the personal information contained on them. He was unsure whether the data was encrypted.

Ohio State is the last in a growing line of education institutions to suffer a data breach.

Late last month, hackers compromised a server to access the personal information of 46,000 students, faculty members and staff of the University of California, San Francisco.

Its sister school, the University of California, Los Angeles discovered in December of last year that a hacker had been exploiting an undetected security hole in a school database for more than a year. The network contained the personal information of 800,000 people, including current and former students, faculty, staff and applicants.

Last month, Texas A&M University alerted nearly 100,000 network users to change passwords after hackers attempted to access university accounts.

Ohio University sent out more than 300,000 notices in May 2006 after a server breach.

The University of Arizona and the University of Texas at Austin are other high-profile college breach victims.

main page ATTRITION feedback