January 10, 2005 11:12 AM PST

Hackers steal ID info from Virginia university

George Mason University confirmed on Monday that the personal information of more than 30,000 students, faculty and staff had been nabbed by online intruders.

The attackers broke into a server that held details used on campus identity cards, the university said. Joy Hughes, the school's vice president for information technology, said in an internal e-mail sent over the weekend and seen by CNET News.com that "the server contained the names, photos, Social Security numbers and (campus ID) numbers of all members of the Mason community who have identification cards."

Hughes warned that campus community members should contact the major credit bureaus to flag their accounts for possible identity fraud. "It appears that the hackers were looking for access to other campus systems rather than specific data," Hughes wrote. "However, it is possible that the data on the server could be used for identity theft."

George Mason is a public university located in Fairfax, Va., a suburb of Washington, DC, with smaller campuses in Arlington, Va., and Prince William County. It reported 26,796 students enrolled as of fall 2002, and 3,908 faculty and staff members.

It also is home to the Information Security Institute, the Lab for Information Security Technology and the Center for Secure Information Systems, which has been designated a "Center of Academic Excellence" by the U.S. National Security Agency.

Last year, George Mason said it would cease to print Social Security numbers on campus ID cards and would instead generate unique "G numbers" for each student and each member of faculty and staff.

That was in reaction to a Virginia state law, enacted as a response to identity fraud concerns, that required state agencies and universities to change their practices. But the server with the ID card information still stored Social Security numbers in its database, according to the George Mason e-mail.

"We felt that the information there was secure," George Mason spokesman Daniel Walsch said on Monday. The school discovered the breach on Jan. 3 and university police are investigating, he said.

George Mason is not alone among universities in suffering a security breach. Two years ago, online intruders broke into a server containing the credit card numbers of some 57,000 patrons of a Georgia Institute of Technology arts and theater program, while others lifted more than 55,000 Social Security numbers from computers at the University of Texas at Austin. Last year, more than 1 million California residents had their personal information leaked thanks to a pair of incidents at UCLA and the University of California at Berkeley.


Join the conversation!
Add your comment
Start executing and it'll stop.
Start executing the scums who likes to make life miserable for others and you'll see how fast these identity theft ********* STOP.
Posted by (75 comments )
Reply Link Flag
Alright. Go Barbarianism!
Honestly, you would rather see violence wasted on people like this? Why not murderers, rapists and child molesters instead? Don't you think that would be a much better alternative?

Why not have these universities set up FIREWALLS?
Come on now. If your system can be breached by someone, then you're obviously not switching things up often enough to even deserve having a system installed.

Cybercrime only happens because we've become too lazy and too trusting of MicroSoft servers and not of something called PAPER AND A PEN.
Posted by (461 comments )
Link Flag
Not Windows
Most schools and universities dont use Windows on their back end. Many are running Banner which is running Unix based system

Kieran Mullen
Posted by kieranmullen (1070 comments )
Reply Link Flag
Yes, it is Windows

At least according to SecurityFocus News, the machines that were compromised are running Windows:

<a class="jive-link-external" href="http://www.securityfocus.com/news/10259" target="_newWindow">http://www.securityfocus.com/news/10259</a>
Posted by Theosophe74 (13 comments )
Link Flag
It WAS Microsoft
Fron the Washingtom Post today:
"University spokesman Daniel Walsch said yesterday that the intrusion was discovered Jan. 3 by the department that manages campus computer systems. The database also included names, school identification numbers and photographs....
Walsch said the data were housed on computers running Microsoft Windows systems."
Posted by (1 comment )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.