Via SecurityProNews.com (April 18th) -
One incident took place in February, when two laptops were stolen from a professor's home. Those machines contained data about the chemistry students, including Social Security numbers and grades for students going back ten years.
A Columbus Dispatch report about the thefts said the other attack against a University computer took placed the weekend of March 31. Attackers from a foreign IP address broke into an Office of Research machine and accessed over 14,000 faculty and staff records.
The late February burglary of the two laptops and other items would normally have been reported to affected people in 45 days, per Ohio law. An Ohio State spokesperson said in the report that it took several weeks to figure out whose data was on the machines.
An advisory from the school's CIO said: "The University has worked hard to put into place measures to protect sensitive data, which makes this latest incident very unusual. "An ongoing investigation has found that the names, Social Security Numbers, employee ID's and dates of birth of 7,160 former and 6,934 current Ohio State faculty and staff were illegally retrieved by the hacker."
Universities have been attractive targets for attackers due to the completeness of the information they can retrieve, and the relative openness of university networks. Colleges have tended to use Social Security numbers as unique identifiers for students. That practice would put those numbers in multiple systems, and if one of those systems can be breached, there go the SSNs.
No comments:
Post a Comment