Identities Hacked and Stolen from OSU

Even though it is just now being released, a hacker broke into a computer at the Ohio State University two weeks ago. The hacker stole the personal information of more than 14,000 former and current staff/faculty members. Apparently someone broke through the computer's firewall over the weekend of March 31 to April 1, while using a foreign internet address. The hacker was able to access a database from the Office of Research, which holds approximately 190,000 former and current employees of the University.

Chairman of the Faculty Council for OSU faculty members, Allan Silverman, stated he was going to begin looking into the incident today. The first question he wants answered is why the Office of Research had this particular database since their primary job is to work to obtain research grants.

The security breech was discovered April 2nd, the Monday after the hacker had entered the system. The office discovered that the system had been hacked while performing their routine review of the daily activity logs. They found that 7,160 former and 6,934 current faculty members' files were hacked. Once the intrusion was detected steps were taken immediately to block access to the data, even though it was possibly too little too late.

In another incident, two laptops were stolen from a Professor Robert Coleman's home in late February. Coleman stated that he had "transferred the contents of one laptop onto a new second laptop before they were both stolen". The laptops contained the personal information of approximately 3,500 Ohio State chemistry students. The personal information of the students included grades and social security numbers.

It took the representatives at the University until last Saturday, April 14th, to send out letters of apology to the staff and students whose personal information had been stolen. Ohio law states that victims of computer security breaches must be notified within 45 days from which the discovery was initially made. The University's spokesman, Jim Lynch, stated that "those that were affected by the theft will be offered a free year of credit protection from a private company to help them guard against the criminal misuse of their identities".

Experts have stated that Universities tend to be the target of identity theft since they tend to use Social Security numbers as identifiers. Just last year Ohio University in Athens, Ohio found three major security breaches over several months time. One of the breaches showed that the hacker had access to Social Security numbers of nearly 137,000 student alumni.

We live in a world of technology that has its advantages as well as its downfall. More companies and colleges are either tightening their security policies or changing what information they store. However the questions still remains; when will the blatant lack of security at both colleges and major companies end? When will policies be changed to protect the innocent? And shouldn't more be offered to the identity theft victim besides an apology and a free year of protection, especially if they do fall victim to their identity being misused? Hopefully over time more regulations will be put into place that will protect us as students, employees, and consumers. Until then it will remain up to us to keep one eye on our own personal credit records.

*Sources*

-Columbus Dispatch Online. URL: http://columbusdispatch.com/dispatch/content/local_news/stories/2007/04/17/osubreach.ART_ART_04-17-07_D1_106DHQU.html. Bush, Bill. 2007Apr17.