Breach, Data Security, Vulnerability Management

Hackers break into sensitive Purdue University server


A computer server containing the personal information of thousands of former Purdue University students was accessed by hackers.

How many victims? 7,093.

What type of personal information? Social Security numbers.

What happened? Hackers on April 5, 2010 broke into a university server containing course records from 2000 through the summer session of 2005. 

Details: School officials said there is no evidence that the sensitive information was accessed. Instead, they believe the hackers aimed to use the infected computer system to attack other servers.

Quote: “Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution," Laszlo Lempert, head of the Department of Mathematics, said in a statement. "We regret the breach occurred, and we've taken extensive measures to prevent this from happening again."

What was the response?  The school on Monday mailed notification letters to affected individuals. Though the breach occurred over a year ago, it took school officials until June to sort through the information on the server and identify the extent of the breach. The Indiana Attorney General's office has been notified.

Source:, Journal and Courier, “Purdue warns ex-students of data breach,” Aug. 17, 2011.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.