Ohio State announced Monday the personal data, including Social Security numbers, of more than 14,000 current and former faculty and staff members was stolen from a database in the university's Office of Research.
An unidentified hacker stole names, employee ID numbers, birth dates and Social Security numbers the weekend of March 31 to April 1, said university spokesman Jim Lynch.
An additional 3,500 current and former chemistry students had their names, Social Security numbers and grades stolen in late February when two laptop computers containing the information were stolen from professor Robert Coleman's home, according to a press release.
The two incidents were unrelated and Lynch said the most recent attack was far more serious.
"The information stolen from the Office of Research was the most serious security breach to date," he said.
According to Lynch, information about the February theft was not released until yesterday because officials wanted to make sure they had the victims' correct contact information and it took several weeks to identify what kind of records were stored on the laptops.
"We worked to research what types of records were stolen and to identify the victims, which was difficult because many of them are past students," he said. "The process takes time."
All those impacted by the thefts were notified by a letter sent out by the university Sunday, Lynch said.
Robert Perry, a physics professor and executive member of the Faculty Council, said the incident was disturbing and raised questions about the university's use of Social Security numbers as student ID numbers.
"I do think we need to stop using student Social Security," Perry said. "I don't know why they still do it that way. The faculty can be cautious, but there's nothing you can do to make it impossible."
According to a Web site dedicated to studying college information technology,
campuscomputing.net, more than half of public and private universities and public four-year colleges reported attacks on their campus networks in 2006.
"It's unfortunate, but there have been a number of data breaches across the country," Lynch said.
Lynch said OSU is working with the Virginia-based company Cybertrust to help look into further possible security measures.
"An incident of identity theft is a hassle, but it's not that serious," said Perry, whose identity was stolen 10 years ago.
Victims of both incidents have been offered 12 months of free credit protection and the university has established an informational Web site and hotline for victims to learn more.
Anyone with questions can call (866) 515-9332 or employees can go to
cio.osu.edu/secureinfo/research and students can go to
cio.osu.edu/secureinfo/chem.
Mary Dannemiller can be reached at dannemiller.24@osu.edu.
2008 Woodie Awards
Viewing Comments 1 - 1 of 1
Anonymous
posted 4/19/07 @ 9:19 AM EST
Here's a tip: What was the Research Foundation doing with that data? Why wouldn't OIT give them only the data they had a business use for? Ask the questions and see where it leads. (Continued…)
Post a Comment