[ISN] Ohio U. alumni at risk for identity theft

From: InfoSec News (isn@private)
Date: Tue May 02 2006 - 01:44:13 PDT


By Melissa Griffy Seeton 
May 2, 2006 

Bob Tscholl has contributed to Ohio University in many respects: He's 
a Bobcat as are his three children.

A recent security breach may mean he'll give a little more.

But the Canton attorney has faith the university will do all it can to 
prevent that.

"It kind of goes with the territory," Tscholl said. "Anytime you 
belong to an organization nowadays, you have to be aware there is some 
risk ... . I'm not too concerned."

Ohio University President Roderick McDavis announced at a press 
conference Monday that he, too, is among the more than 300,000 alumni 
and friends of Ohio University - not current students - whose personal 
information may have been compromised when unauthorized access was 
gained to a computer system supporting alumni relations.

"We are doing everything in our power to reduce the impact of this 
data theft," Ohio University Associate Provost for Information 
Technology and Chief Information Officer Bill Sams said in a press 
release. "At this point, we have no evidence of illegal use of the 
breached information."

The breached computer system contained biographical information on 
more than 300,000 individuals and organizations, including the Social 
Security numbers of more than 137,000 people, according to university 
officials. The files did not contain credit-card or bank information.

The security violation was discovered on April 24 when, according to 
Sams, "The university immediately began assessing the situation to 
determine its extent. Once it became clear that personal information 
was involved, we began the process of notifying the affected 

University officials were unable to confirm Monday how many Ohio 
University alumni are from the Stark County area. A search of recent 
college graduates revealed 12 local residents graduated from the 
school in December and eight received diplomas last May.

The FBI is investigating the incident, and university officials said 
the college will hire an outside consultant to conduct a risk 
assessment of its computer information systems.

A separate security breach occurred at the college on April 21, when 
office files were compromised at its Technology Transfer Department. 
The files included e-mails, patent and intellectual property files. 

Ohio University is at least the third college that has announced in 
recent months unauthorized access was gained to confidential 

In September, two computers were stolen from Kent State University 
offices. The computers contained the names and Social Security numbers 
of practically every student and instructor since 2002, and every 
graduate since 1988.

And, in August, Web site security was breached at Stark State College 
of Technology. Students couldn't access their own personal information 
- such as their grades or student loans - instead the personal 
information of another student was shown, including Social Security 
numbers. College officials said the incident was not the result of a 
hacker, but a computer software glitch.

Reach Repository writer Melissa Griffy Seeton at (330) 580-8318 or 
e-mail: melissa.griffy @ cantonrep.com



Ohio University is sending e-mails and letters to people who may have 
been affected by the security breach. 

As a precaution, the university will not request personal information 
electronically as part of this notification. The university cautions 
people to not disclose personal information if they receive an e-mail 
- even if it appears to come from the university.

The university has established a Web page at www.ohiou.edu/datatheft 
to provide detailed information, and a toll-free hotline at (800) 

Source: Ohio University



Ohio University recommends that alumni protect themselves from the 
security breech by:

-- Obtaining a free credit report from Equifax (800) 525-6285, 
Experian (888) 397-3742 and TransUnion (800) 680-7289.

-- Calling these three credit reporting agencies to place fraud alerts 
lasting 90 days on credit inquiries.

-- Monitoring credit accounts for any unusual activity during the next 
several months.

Source: Ohio University

2006 The Repository

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts
from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Tue May 02 2006 - 02:00:57 PDT