BreachExchange mailing list archives
Purdue warns 2400 that SSNs were revealed
From: Chris Walsh <cwalsh () cwalsh org>
Date: Fri, 22 Sep 2006 18:36:34 -0500
Purdue Notifies Students of Potential Security Breach Via http://www.insideindianabusiness.com/newsitem.asp?ID=19775 InsideINdianaBusiness.com Report 9/22/2006 4:32:49 PM Purdue University is notifying more than 2,400 people that were students in 2000 that a computer containing their personal information may have been accessed remotely by unauthorized people. The possible breach was discovered during a security check of an administrative workstation in the Department of Chemistry. Officials say software may have been installed remotely on the hard drive to permit the files containing names and social security numbers to be downloaded. Source: Inside INdiana Business Press Release WEST LAFAYETTE, Ind. - Purdue University is informing people who were students in 2000 that a single desktop computer containing information about them may have been accessed by unauthorized individuals. The possibility was discovered this month during a security check of an administrative workstation in the Department of Chemistry. The incident involved a file dated Feb. 4, 2000, that contained personal identifying information, including Social Security numbers, names, school, classification, major and e-mail addresses for 2,482 students. A total of 2,672 records were involved, but some did not contain Social Security numbers. According to a preliminary analysis of the computer, an unauthorized person may have gained access to the hard drive remotely and installed software that would have permitted files to be downloaded. "We have no direct evidence that any unauthorized person viewed or downloaded data, but we know that the computer had been compromised," said Jeffrey Vitter, dean of the College of Science, in which the chemistry department is located. "We are trying to alert every individual whose information was in the file." Because the information in the document is six years old, the College of Science worked with the Purdue University Development Office to acquire current addresses. Anyone who does not receive a letter but believes he or she may have been in the affected group can contact Purdue at (866) 307-8520 to inquire. More information about the incident also is available online. At the site, there are links to the Federal Trade Commission, where a complaint about fraud or identity theft can be filed, as well as links to apply for a credit report. [....] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 146 million compromised records in 361 incidents over 6 years.
Current thread:
- Purdue warns 2400 that SSNs were revealed Chris Walsh (Sep 22)