Carnegie Mellon business school notifies 19,000 of breach

Carnegie Mellon University's Tepper School of Business has sent out 19,000 notices to students, faculty and graduates about a security breach that may have exposed their personal data.

University security technicians discovered that some computers at the business school had been breached April 10, when they spotted unusual activity on the systems, according to a statement on the university's web site.

"We have no evidence that personal information on breached systems has been used for illegal or malicious activities," officials said.

Personal information included in the databases that may have been accessed include: Social Security numbers and grades of master's alumni class of 1997 through 2004; job offer data for master's alumni class of 1985 through 2004; contact information all alumni may have entered into an alumni directory; and Social Security numbers and application data for doctoral alumni, class of 1998 through 2004.

"People need to realize that any number of institutions and commercial organizations have their personal data. It's not just the ChoicePoints of the world," said Joseph Ansanelli, CEO of security firm Vontu.

"A Social Security number at a bank or a school or a utility company has the same value and needs to be protected in the same way- both from malicious outside attacks as well as from exposure through insider leaks," he said.

The Tepper breach follows several other similar incidents that exposed personal data at universities, including UC Berkeley.

As reported in SC Magazine earlier this week, 1.4 million credit card and 96,000 check transaction details have been stolen from a U.S. retailer DSW Shoe Warehouse.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.