May 11, 2006 7:00 PM PDT

Ohio University suffers security breaches

Related Stories

Man charged with hacking USC database

April 20, 2006

Notre Dame probes hack of computer system

January 23, 2006

Schooled in security

August 18, 2005
Data thieves may have plundered Social Security numbers and other private information--including health records--belonging to students and faculty at Ohio University following three separate computer intrusions at the school.

According to a message posted on the school's Web site, more than 200,000 people may have been victimized, including past and present students as well as school employees.

Administrators also suggested that more thefts may be uncovered as investigators continue to review computer systems campuswide.

While this is only the latest in a long string of electronic attacks on the nation's universities, the case appears to be unprecedented because of the number of data thefts discovered at one time at one school.

As part of its investigation, the university said on its Web site, it has sought the help of the FBI, forensic consultants and other universities that have suffered similar intrusions "to improve the security of data and IT resources" throughout the university.

"E-mails and letters have been or are being sent to all constituents whose personal information may have been compromised," the school said in a statement.

Last month, the FBI alerted the university's administration that a server within the school's Technology Transfer Department had been compromised. Little personal information was believed to be lost in that breach, but a second breach was found three days later on April 24.

The school's electronic-security team discovered that a server within alumni relations had been commandeered and was being used in a denial of service attack. The Social Security numbers of about 137,000 people were stored in that server.

On Thursday, the school announced that it had found a third intrusion at its health center involving 60,000 people including all current students as well as some school faculty.

In addition to Social Security numbers, the compromised server in the health department held health records.

Last month, a 25-year-old San Diego man was charged with hacking into the University of Southern California's online application system and nabbing personal data from prospective students.

In January, the University of Notre Dame began investigating an electronic break-in that may have exposed the personal and financial information of school donors.

See more CNET content tagged:
social security number, Social Security, faculty, university, school

5 comments

Join the conversation!
Add your comment
Lovely more bad news from Ohio
you never hear anything good about Ohio. If you lived there you'd know why.
Posted by Mr. Network (92 comments )
Reply Link Flag
New @ Frosh Orientation-ID Theft 101
Universities and Financial Institutions seem to be the biggest entities plagued by ID theft. Maybe higher ed should have a new seminar during Freshmen Orientation - ID Theft 101: protect your info, because we can't.
<a class="jive-link-external" href="http://www.iwantmyess.com/?p=53" target="_newWindow">http://www.iwantmyess.com/?p=53</a>
Posted by marileev (292 comments )
Reply Link Flag
Decades Of Using SSN As Student ID#
Anyone who went to college within the past few decades, or took a night class at a community college, is at risk from the educational institution. The only way to put a stop to this is to pass a Federal law that requires these institutions to expunge all traces of SSNs from student/alum databases and replace them with made-up student IDs. Alums should refuse to make donations to their alma until their SSNs are expunged. After a few months of donor draught, these institutions would quickly make the necessary changes.
Posted by Stating (869 comments )
Reply Link Flag
Windows XP
According to Netcraft, these guys are running Windows on the
server.

So, they get what they wanted by using an insecure OS.

Argue this point, please. Also argue here:

<a class="jive-link-external" href="http://www.network54.com/Forum/7505/" target="_newWindow">http://www.network54.com/Forum/7505/</a>
Posted by fakespam (239 comments )
Reply Link Flag
Can you reference the Netcraft info?
Since Windows XP is a client OS, I doubt they're using it as a server. And if it's an older OS, the story from other sources is that they thought it was offline, so they wouldn't have kept up with patches and such.
Posted by Unreal City (2 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.