The silence is ‘deafening’ on Ohio State’s data breach

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.studentfreepress.net/archives/8278

More than four months after Ohio State revealed the largest data
breach in higher education history, officials responsible for
protecting the university’s electronic information remain silent as
evidence of internal disputes arise and the investigation continues.

On Oct. 22, the university discovered that a server, which fell under
the responsibilities of the Office of the Chief Information Officer,
had been breached and the identities of about 760,000 people had been
jeopardized.

On Dec. 15, the university notified current and former faculty,
students, applicants and others affiliated with the university that a
hacker had accessed the server containing their names, dates of birth,
addresses and Social Security numbers.

However, Kathleen Starkoff, the university’s Chief Information Officer
and Steve Romig, associate director of Information Technology security
in the CIO’s office, have no email records containing the phrase “data
breach” before Dec. 5, according to documents obtained by The Lantern
through open records requests.

Obscurity shrouds the issue, as university spokesman Jim Lynch serves
as OSU’s voice on this matter.

Contacts from the university’s IT department, including Starkoff,
Romig and Charles Morrow-Jones, director of IT security, refused
comment and referred The Lantern to Lynch.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/