College reports computer security breach

May 12, 2007

From May 5 to 7, a Goshen College computer was remotely accessed by a "hacker" with the suspected motivation of using the system to send spam e-mails, Goshen College officials said Friday.

The improper access involved a database containing information on about 7,300 current or prospective students, from fall 2003 to the present, as well as some of their parents.

The breach of the college.s computer security systems may have allowed a hacker to view the names, addresses, birth dates, Social Security numbers and phone numbers of students and some information on some parents.

Upon discovery of the attack, law enforcement was notified. While no data loss is suspected, Goshen College officials sent letters to students and parents who may have been affected.

"We take this attack seriously and we regret that it happened," said Goshen College President James E. Brenneman, "We are doing everything we can to assess the potential damage and to assist those who may have been affected."

In addition, Brenneman noted that college personnel are informing the major credit-reporting agencies regarding the potential compromise as well as providing information to those at risk on how they can monitor their credit reports for suspicious activity.

Besides notifying the major credit-reporting agencies, college officials have also provided students and parents with recommendations from independent sources and various government agencies concerning steps to take after suspected unauthorized access to personal information.

The unwanted access began on Saturday, May 5, when an outside computer "hacker" remotely accessed a computer. This computer then was used to attack additional computers, according to Michael Sherer, director of Information Technology Services.

"Based on activity in log files, we believe the hacker.s motive was to gain access to our computers, which could then be used to send out e-mail spam - not to obtain our confidential data," Sherer said. "Our best assessment is that no data was lost, but we are continuing to investigate this incident."

"Our staff immediately addressed this security breach. Goshen College has implemented additional internal controls and safeguards for personal information," Sherer said.

main page ATTRITION feedback