The Red and Black

Issue date: 1/9/08 Section: News

JACKSON

An overseas hacker broke into a University server in December, possibly exposing 4,250 Social Security numbers.

The University is investigating the breach, which occurred between Dec. 29 and 31. The server that was compromised contained Social Security numbers, names, and addresses for prospective, current and former residents of graduate family housing, according to a news release issued Tuesday afternoon.

Vice President for Public Affairs Tom Jackson said a department head working during winter break noticed "a page showing something that shouldn't be there."

"Somebody had tried to break in ... but there is no evidence that the numbers have been used. The person may have been there and not known what they had," Jackson said in a telephone interview Tuesday afternoon.

He said the University will notify all students whose information may have been exposed through e-mail and snail mail.

The University has several security patches and firewalls in place to protect its servers from this kind of breach, Jackson said, but these defenses occasionally fail to prevent hackers from accessing information.

"This happens from time to time, and there is no guarantee that you can prevent any kind of break in," Jackson said.

He added Social Security numbers must be used as student identifiers in certain situations, such as housing applications. But, he said, the University did not need to keep Social Security numbers from past years.

In 2006, administrators told The Red & Black the University will replace all Social Security numbers with another identifying number by 2009 or 2010.

Efforts to replace Social Security numbers with another identifying number began in Fall 2007, when the University began encouraging the use of student ID numbers on tests and instructors began using the numbers on class rolls. These numbers, which are called "810 numbers," can be found on the lower portion of students' UGACARDs.

The University conducted a public relations campaign to encourage a commitment to using identifying numbers other than Social Security numbers.

Bert DeSimone, associate director of Enterprise Information Technology Services, said the University is conducting an "ongoing investigation" to determine what happened during December's breach.

This security lapse marks the fourth time hackers have broken into the University's databases in the past three years. The last incident occurred in February 2007 and exposed 3,500 student Social Security numbers.

Those who think their data may have been compromised in December can visit two Web sites to find more information on identity theft prevention.

In the news release, Stan Gatewood, the University's chief information security officer, encouraged those affected to visit www.consumer.gov/idtheft or www.stopidentitytheft.org.

The Social Security number is the most commonly used identifying number in the U.S. Access to Social Security numbers can give hackers the opportunity to retrieve financial accounts and ruin students' credit, according to a story published in September 2006 in The Red & Black.

Page 1 of 1

Article Tools