760,000 Notified by Ohio State University Concerning Security Breach

Past and present faculty and staff members, students and applicants information at risk

2 min read

Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management.

760,000 Notified by Ohio State University Concerning Security Breach

Ohio State University (OSU) has begun this week sending out letters to 760,000 past and present students, faculty, staff members and applicants informing them "that a university computer server was illegally accessed by unauthorized individuals."
OSU's press release goes on to state that the university does not believe any information was taken, but just in case, the university will offer 12 months free credit protection services to those involved.
The press release goes on to say:

 "In late October, the university discovered that unauthorized individuals logged into an Ohio State server that housed personal information for approximately 760,000 individuals including current and former faculty, staff, and students, as well as applicants and other individuals affiliated with the university such as consultants and contractors. That server includes names, Social Security numbers, dates of birth and addresses. No OSU Medical Center patient records or student health records were involved."

Forensic analysis of the breach indicated that while no one's information was taken, there was evidence "that the purpose of the unauthorized access was to launch cyber attacks."
In related college IT-security news, late last week the University of Hawaii announced that it has hired Cedric Bennett, Director Emeritus, Information Security Services at Stanford University to evaluate and recommend improvements to the university's information security practices.

According to this article in the Honolulu Star Advertiser, over 260,000 University of Hawaii confidential records have been exposed since 2005. Nearly 100,000 have been exposed this year alone.

For instance, July of 2010, a hacker was able to breach security at a University of Hawaii parking office computer server that held information on 53,000 individuals, including some 40,870 Social Security numbers and information from 200 or more credit cards.

Then in October of this year, more than 40,000 detailed records of former students including their Social Security numbers, citizenship, marital status and addresses were found to have been inadvertently posted online by a faculty member for almost a year. A privacy policy institution discovered the information and notified the University about it.

A former student has filed a class-action lawsuit against the University of Hawaii for negligence in regard to the parking office breach, claiming in part that his identity has been stolen because of the breach.

The Conversation (0)