Ohio University sends server breach notices

Ohio University sent out the first of more than a quarter-million notices of a server breach that compromised the personal information of more than 300,000 people and organizations last week.

The university and the FBI are still investigating the incident.

The Athens, Ohio, college on Monday began sending out about 235,000 letters to affected parties to complement 65,000 emails sent last week, university spokesman Jack Jeffrey said today.

In addition, the school has hired Internet Security Systems to "conduct a comprehensive audit of all of the university's computer systems to improve data security and determine if there are any further breaches," Jeffrey said.

The university discovered the breaches on April 24 after network administrators noticed the server was being used to launch DoS attacks against an outside target, he said.

The compromised server contained the personal information of alumni and friends, in addition to faculty and staff hired prior to January 2004, according to the university website. The breach compromised the Social Security numbers of 137,000 people, although no credit card numbers or personal financial information was exposed.

There are no indications that the personal information has been used for any criminal wrongdoing, Jeffrey said.

Colleges have provided increasing targets for hackers.

Last month, hackers compromised computer databases at the McCombs School of Business at the University of Texas at Austin, exposing some 197,000 personal records of students, alumni, staff and admissions applicants.

Of the records, at least 106,000 contained Social Security numbers and names. The source of the breach remains under investigation. A similar incident occurred about three years ago when a former UT student accessed protected computers and stole Social Security numbers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.