[ISN] Ohio U. alumni at risk for identity theft

InfoSec News isn at c4i.org
Tue May 2 04:44:13 EDT 2006 

http://www.cantonrep.com/index.php?ID=283728

By Melissa Griffy Seeton 
REPOSITORY EDUCATION WRITER
May 2, 2006 

Bob Tscholl has contributed to Ohio University in many respects: He's 
a Bobcat as are his three children.

A recent security breach may mean he'll give a little more.

But the Canton attorney has faith the university will do all it can to 
prevent that.

"It kind of goes with the territory," Tscholl said. "Anytime you 
belong to an organization nowadays, you have to be aware there is some 
risk ... . I'm not too concerned."

Ohio University President Roderick McDavis announced at a press 
conference Monday that he, too, is among the more than 300,000 alumni 
and friends of Ohio University - not current students - whose personal 
information may have been compromised when unauthorized access was 
gained to a computer system supporting alumni relations.

"We are doing everything in our power to reduce the impact of this 
data theft," Ohio University Associate Provost for Information 
Technology and Chief Information Officer Bill Sams said in a press 
release. "At this point, we have no evidence of illegal use of the 
breached information."

The breached computer system contained biographical information on 
more than 300,000 individuals and organizations, including the Social 
Security numbers of more than 137,000 people, according to university 
officials. The files did not contain credit-card or bank information.

The security violation was discovered on April 24 when, according to 
Sams, "The university immediately began assessing the situation to 
determine its extent. Once it became clear that personal information 
was involved, we began the process of notifying the affected 
individuals."

University officials were unable to confirm Monday how many Ohio 
University alumni are from the Stark County area. A search of recent 
college graduates revealed 12 local residents graduated from the 
school in December and eight received diplomas last May.

The FBI is investigating the incident, and university officials said 
the college will hire an outside consultant to conduct a risk 
assessment of its computer information systems.

A separate security breach occurred at the college on April 21, when 
office files were compromised at its Technology Transfer Department. 
The files included e-mails, patent and intellectual property files. 

Ohio University is at least the third college that has announced in 
recent months unauthorized access was gained to confidential 
information. 

In September, two computers were stolen from Kent State University 
offices. The computers contained the names and Social Security numbers 
of practically every student and instructor since 2002, and every 
graduate since 1988.

And, in August, Web site security was breached at Stark State College 
of Technology. Students couldn't access their own personal information 
- such as their grades or student loans - instead the personal 
information of another student was shown, including Social Security 
numbers. College officials said the incident was not the result of a 
hacker, but a computer software glitch.

Reach Repository writer Melissa Griffy Seeton at (330) 580-8318 or 
e-mail: melissa.griffy @ cantonrep.com

-=-

COULD I BE AFFECTED?

Ohio University is sending e-mails and letters to people who may have 
been affected by the security breach. 

As a precaution, the university will not request personal information 
electronically as part of this notification. The university cautions 
people to not disclose personal information if they receive an e-mail 
- even if it appears to come from the university.

The university has established a Web page at www.ohiou.edu/datatheft 
to provide detailed information, and a toll-free hotline at (800) 
901-2303.

Source: Ohio University

-=-

PROTECT YOURSELF FROM IDENTITY THEFT

Ohio University recommends that alumni protect themselves from the 
security breech by:

-- Obtaining a free credit report from Equifax (800) 525-6285, 
Experian (888) 397-3742 and TransUnion (800) 680-7289.

-- Calling these three credit reporting agencies to place fraud alerts 
lasting 90 days on credit inquiries.

-- Monitoring credit accounts for any unusual activity during the next 
several months.

Source: Ohio University

©2006 The Repository

More information about the ISN mailing list