Breach, Data Security, Vulnerability Management

Officials investigate scope of Emory University breach

Health information and Social Security numbers are among data that may have been compromised for faculty, staff and students in a data breach at Emory University in Atlanta.

How many victims? Unknown, but total student enrollment was 14,236 in fall 2012, and the university employs 27,747, as of September 2012.

What type of personal information? Protected health information and Social Security numbers are among the data that may have been compromised.

What happened? An investigation is ongoing, but Emory officials called the incident a "breach of its information technology infrastructure" and are likening it to similar events reported recently by academic institutions and large organizations.

What was the response? The university is working collaboratively with information security consultants and law enforcement to determine the source and impact of the breach. Officials notified students, faculty and staff, recommending anyone with an Emory University netID/username to change their password. Security officials are upgrading systems to further defend against attacks.

Details: Letters were sent to staff, faculty and students on Aug. 8. Further information could not be provided due to the ongoing nature of the investigation.

Quote: “We are not aware at this time of any protected health information or Social Security numbers being compromised. We do not have any indication at this time that Emory Healthcare IT systems have been affected,” according to the letter, written by the university's Chief Information Officer Rich Mendola and Chief Information Security Officer Brad Sanford.

Source: Emory University news center,, “University issues information security alert,” Aug. 9, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.