[ISN] FBI Investigates Stanford Computer Breach

InfoSec News isn at c4i.org
Fri May 27 03:26:53 EDT 2005


The Associated Press
May 25, 2005

PALO ALTO, Calif. -- The FBI is investigating a computer security
breach at Stanford University that resulted in the theft of personal
data including letters of recommendation and Social Security numbers
for nearly 10,000 people.

The breach happened May 11, when someone from outside the university
gained access to the school's network, Stanford general counsel Debra
Zumwalt said Wednesday. The university would not say whether the
breach happened as a result of a remote hacker, the physical theft of
a laptop or other typical means of network penetration.

Stanford began mailing notifications Monday to about 300 recruiters
and 9,600 others mostly students who visited the school's Career
Development Center since 1996. The electronic dossiers generally did
not include financial information such as credit card numbers or
driver's license numbers.

The mailings complied with a state law that took effect in 2003 and
requires organizations to notify California residents whenever
personal data has been compromised. So far, school officials say,
there's been no evidence of identity theft resulting from the breach.

When the university learned that someone had accessed the network,
security officials temporarily disabled the career center's computers
and reported the incident to the San Jose field office of the FBI.

"Protection of confidential information is a high priority of
Stanford," Zumwalt said. "Since this incident, we have been working to
understand this breach of our system and ways to prevent a

The breach is the latest to affect a major California university. In
one of the state's largest security breaches, the University of
California, Berkeley warned 1.4 million Californians that a problem in
October had exposed the names, addresses, Social Security numbers and
birthdays of people who had participated in a state in-home care

More information about the ISN mailing list