BreachExchange mailing list archives
The silence is ‘deafening’ on Ohio State’s data breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 23 Apr 2011 02:25:43 -0400
http://www.studentfreepress.net/archives/8278 More than four months after Ohio State revealed the largest data breach in higher education history, officials responsible for protecting the university’s electronic information remain silent as evidence of internal disputes arise and the investigation continues. On Oct. 22, the university discovered that a server, which fell under the responsibilities of the Office of the Chief Information Officer, had been breached and the identities of about 760,000 people had been jeopardized. On Dec. 15, the university notified current and former faculty, students, applicants and others affiliated with the university that a hacker had accessed the server containing their names, dates of birth, addresses and Social Security numbers. However, Kathleen Starkoff, the university’s Chief Information Officer and Steve Romig, associate director of Information Technology security in the CIO’s office, have no email records containing the phrase “data breach” before Dec. 5, according to documents obtained by The Lantern through open records requests. Obscurity shrouds the issue, as university spokesman Jim Lynch serves as OSU’s voice on this matter. Contacts from the university’s IT department, including Starkoff, Romig and Charles Morrow-Jones, director of IT security, refused comment and referred The Lantern to Lynch. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- The silence is ‘deafening’ on Ohio State’s data breach Jake Kouns (Apr 25)