Northwestern officials announced July 14 that sensitive personal information of students, faculty members and alumni had been compromised during a computer safety breach in May.
Hackers outside the university apparently accessed records located on nine desktop computers in the Office of Undergraduate Admission and Financial Aid. The records contained the names and personal information of about 17,000 NU students, faculty members and alumni.
When university technology support staff investigating the May security breach discovered the personal files might have been accessed, the desktop computers were shut down, said Alan Cubbage, vice president of university relations. It is not clear whether the hackers viewed personal information, Cubbage said.
“There is no indication that hackers viewed the Social Security numbers – these were not the main database servers for NU,” Cubbage said.
But NU sent letters out earlier this week to the 17,000 individuals whose information might have been compromised. The letters informed recipients of the security breach.
In the letter, University Relations also encouraged people to call one of three fraud checking services: Equifax, Experion or Trans Union.
Communication junior Ryan McIntosh received a letter from University Relations on Monday. Feeling nervous about the situation, he said he called Trans Union “literally the minute after I got my letter.”
While McIntosh’s information was safe – he doesn’t use a credit card and Trans Union staff told him hackers would have difficulty accessing his U.S. Bank and e-mail accounts without a password – he’s still worried about the security breach. He’s also angry.
“It’s ridiculous that we have to deal with this,” McIntosh said.
The university’s letter and press release also encouraged students to visit the Federal Trade Commission’s Web site (www.ftc.gov) or phone the organization to learn more about identity theft.
With identity theft a rising problem in the U.S., the FTC has recently launched it’s “Identity Theft: Deter, Detect, Defend” program. The program details the dangers of identity theft, which range from being held responsible for delinquent bank accounts to being charged with another’s crimes.
According to its Web site, the FTC recommends that individuals take a number of precautions with their personal information, including only sharing Social Security numbers with trustworthy organizations and regularly updating the security software on computers that store this information.
But neither tip would have helped victims. The hackers entered NU’s computer systems through “a particular software program that had a security hole” even though “the university has a variety of security measures,” according to Cubbage.
University technology support staff had been reading event logs, “going line by line of code,” for more than a month when NU realized hackers had breached the desktop files.
Weinberg junior Jon Ehret also received a letter Monday outlining the situation. He said he never thought twice about giving his personal information to NU and thought it was safe with the university.
“Initially I felt very secure – you know, it’s a Division I school, a prestigious university – but after this, there’s a little more trepidation,” Ehret said.
Like McIntosh, Ehret called Trans Union to verify that his identity hadn’t been stolen with the information available in the compromised desktop files. Although he, too, was told that his identity was safe – for now – he remains uneasy about the security breach.
“This information is still in the hands of Northwestern,” he said.
Cubbage said no students have reported cases of identity theft or credit fraud to the university at this time.
Reach Christina Alexander at [email protected].
