On TechRepublic: FREE download: Social networking policy
BNET Business Network:
BNET
TechRepublic
ZDNet
35 TalkBacks

By Matt Hines
Posted on ZDNet News: Mar 17, 2005 5:22:00 PM

Boston College is fighting against an attack on its fund-raising databases, which may have exposed the personal data of more than 100,000 alumni.

College representatives said Thursday that the school was the target of a virus attack on a computer housed in a campus calling center used by students to solicit donations from alumni. According to Boston College spokesman Jack Dunn, the machine in question is managed by a third-party IT service, which the school has chosen not to publicly identify.

Dunn said the company noticed a spike in the computer's activity during a routine maintenance operation and discovered a virus on the device that was attempting to use the database to launch attacks on other systems. The machine was then taken offline and examined in order to determine the extent of the attack.

No other computers were found to be affected by the virus, he said.

Although the investigation bore no evidence that hackers may have accessed alumni information stored on the database, which included individuals' Social Security numbers and other personal details, the school decided to inform all the people whose records may have been compromised.

The college has not received any reports of identity fraud related to the incident, Dunn said, but he noted that the school wanted to be cautious and inform the alumni of the potential for such attacks.

"We thought it was necessary to send out the precautionary advisory to alert the alumni and to offer them steps that they could take to ensure their privacy," he said.

In addition to sending warning letters to affected alumni, Boston College also has created a Web site and telephone hotline to handle inquiries into the break-in.

Dunn said the college will also purge individuals' Social Security numbers from all of its records in the future. He said schools have long used the identifiers to keep track of people in a number of ways but noted that increasing concerns over the security of computing systems used to store the information have caused the college and others to review the policy.

Boston College's potential data leak follows a similar incident at Virginia's George Mason University in January, in which hackers gained access to the personal information, including Social Security numbers, of more than 30,000 students, faculty and staff. As a result of the attack, the university promised to change the manner in which it uses Social Security numbers to identify people, including striking the codes from its campus IDs.

Consumer data protection issues have been thrust into the spotlight over the last month, as high-profile break-ins at companies such as ChoicePoint and a subsidiary of LexisNexis have exposed flaws in the defense systems and business policies of so-called data brokers.

Politicians such as U.S. Sens. Patrick Leahy and Dianne Feinstein, as well as independent privacy rights organizations have used those incidents as an opportunity to call for more comprehensive consumer data protection laws.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 35 Talkback(s)
Re:Stiffer penalties for everyone involved
>>Most companies are making profit from the data which is the main reason they use their resources to house it. If companies knew they'd be hit with huge fines, they'd take the necessary steps to secu... (Read the rest)
Posted by: Publius_z Posted on: 03/27/05 You are currently: a Guest | | Terms of Use
Why SS# on such a database?  WDS_z | 03/17/05
Re: Why SS# on such a database  merchant@... | 03/17/05
Blame the IRS  srm@... | 03/17/05
Why not create a crypto hash from the SS#, for instance?  ephelps | 03/17/05
That is their  lengua99 | 03/18/05
I thought ...  Henaway | 03/17/05
Flawed government execution.....  jlawrence50 | 03/17/05
SSN for Credit Check  20075880200550981536805084989909-zdavis | 03/17/05
re: SSN for Credit Check  cbradshaw@... | 03/17/05
I wonder what database it was  Sxooter_z | 03/17/05
Public Hangings  mike surel | 03/17/05
Yes Yes Oh Yes  AtomicFusion | 03/17/05
Punish Companies  kelliann | 03/17/05
How does punishing the victim work?  mike surel | 03/17/05
"punishing the victim"  ScottieB | 03/17/05
RE: "punishing the victim"  mike surel | 03/17/05
"reasonable precautions" has nothing to do with it  jiml8 | 03/17/05
It does happen though  drabarno@... | 03/18/05
Boston College reveals breach  stevem_001 | 03/17/05
Put the right people in charge  johns_z | 03/17/05
Re:Why SS# on such a database  jlow@... | 03/17/05
bo!!!!  shadow666 | 03/17/05
not really  jiml8 | 03/17/05
I have another idea....  rob.astleford@... | 03/17/05
Stop Data theft  blind1 | 03/17/05
Social Security Number  mooahdeeb | 03/18/05
Boston College  HynesJhn@... | 03/18/05
How to stop these data thief?s:  ilirjo | 03/18/05
What to do about it  jswift | 03/18/05
SRJC  andyjj1 | 03/19/05
This disaster could have easily been avoided.  matrixdomain | 03/19/05
When will these schools start using Solaris  FilledOut | 03/20/05
No such thing....  lcates@... | 03/21/05
Stiffer penalties for everyone involved  DLee_z | 03/21/05
Re:Stiffer penalties for everyone involved  Publius_z | 03/27/05

What do you think?

advertisement
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

White Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline