The Ohio State University (OSU) has notified hundreds of thousands of students and faculty members that their personal information was compromised by hackers who broke into a campus server. There is no evidence the data was stolen, however.
How many victims? 760,000.
What type of personal information? Names, Social Security numbers, dates of birth and addresses. No OSU Medical Center patient records or student health records were involved.
What happened? The intrusion was confirmed last month, but the university did not disclose how the hackers were able to access the server because the incident is still under investigation. University police do not currently know who hacked the system.
An investigation revealed that the unauthorized access was used for launching cyberattacks on other businesses, the university said. There is no evidence that the data was stolen.
Details: Current and former faculty, students and applications as well as other individuals affiliated with the university could be affected.
Quote: “We regret that this has occurred and are exercising an abundance of caution in choosing to notify those affected,” said OSU Provost Joseph Alutto.
What was the response? The university has notified affected individuals, who have been offered one year of free credit protection services. The university has hired two computer security consulting firms to forensically investigate the incident and help improve security. As a result of the breach, OSU is seeking to strengthen its IT systems.
OSU has suffered several other smaller beaches over the past few years.
In 2007, two separate incidents left the personal information of 17,500 students, faculty members and staff compromised. In 2008, the university notified 18,000 current and former students after it was discovered that their personal information was inadvertently posted online. And last year, 350 OSU Dining Services student employees had their Social Security numbers leaked in an e-mail.
The latest breach is expected to cost the university $4 million in expenses related to investigative consulting, beach notification and credit card security.
Sources: http://www.thelantern.com, The Lantern, “Hacked: Data breach costly for Ohio State, victims of compromised info,” Dec. 15, 2010.
http://www.osu.edu/creditsafety/, Ohio State University Credit Safety.