Hacker Accesses Identification Data from OSU
A hacker managed to access a computer of Ohio State University (OSU) two weekends ago to commit theft of data containing birth dates, Social Security numbers and employee ID numbers. They belonged to 14,000 current and ex-faculty staff, the university said on April 16, 2007.
In another incident, there was a theft of the same details of approximately 3,500 OSU former students of chemistry of a decade old batch. The information on grades and Social Security numbers of the students was on two laptops that disappeared from a professor's home in the last week of February 2007, according to the university.
With regard to the staff's personal details, Jim Lynch, a university spokesman said, a hacker used a foreign Internet address and gained access to a computer containing the information by breaking through its firewall. This happened during March 31-April 1 when the cyber thief stole 14,000 records belonging to a database of Office of Research. The database related to approximately 190,000 current and ex-university employees. The Columbus Dispatch published Lynch's statement on April 16, 2007.
The university discovered the breach on the following Monday, April 2, 2007, and officials immediately blocked access to the vulnerable data. The office became aware of the intrusion during a normal review of activity logs, the university said. The intrusion involved data of 6,934 current and 7,160 former faculty and staff members.
OSU contacted the staff and student victims via letters of apology on April 14, 2007, Lynch said. He further added that a private company would offer free credit protection for one year to the affected individuals to facilitate safeguard against manipulation of their personal information.
According to Lynch, university authorities were on a fast job of notifying every victim. As per Ohio law, state agencies must inform victims of software data theft within 45 days of the security breach's discovery.
Cyber thieves have been attacking universities to steal Social Security numbers that schools use as identifiers, experts say.
In 2006, hackers reached Social Security numbers of 137,000 former students of Ohio University in Athens. Recently UCSF may have also suffered similar data compromise.
Related article: Hacker & Virus in MySpace
» SPAMfighter News - 21-04-2007