Ohio State University (OSU) has begun this week sending out letters to 760,000 past and present students, faculty, staff members and applicants informing them "that a university computer server was illegally accessed by unauthorized individuals."
OSU's press release goes on to state that the university does not believe any information was taken, but just in case, the university will offer 12 months free credit protection services to those involved.
The press release goes on to say:
"In late October, the university discovered that unauthorized individuals logged into an Ohio State server that housed personal information for approximately 760,000 individuals including current and former faculty, staff, and students, as well as applicants and other individuals affiliated with the university such as consultants and contractors. That server includes names, Social Security numbers, dates of birth and addresses. No OSU Medical Center patient records or student health records were involved."
Forensic analysis of the breach indicated that while no one's information was taken, there was evidence "that the purpose of the unauthorized access was to launch cyber attacks."
In related college IT-security news, late last week the University of Hawaii announced that it has hired Cedric Bennett, Director Emeritus, Information Security Services at Stanford University to evaluate and recommend improvements to the university's information security practices.
According to this article in the Honolulu Star Advertiser, over 260,000 University of Hawaii confidential records have been exposed since 2005. Nearly 100,000 have been exposed this year alone.
For instance, July of 2010, a hacker was able to breach security at a University of Hawaii parking office computer server that held information on 53,000 individuals, including some 40,870 Social Security numbers and information from 200 or more credit cards.
A former student has filed a class-action lawsuit against the University of Hawaii for negligence in regard to the parking office breach, claiming in part that his identity has been stolen because of the breach.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.