[ISN] Server hack at Georgetown Univ. probed

InfoSec News isn at c4i.org
Tue Mar 7 01:12:35 EST 2006


By Jaikumar Vijayan 
MARCH 06, 2006

Georgetown University in Washington has called in the U.S. Secret
Service to investigate a server breach that may have exposed
confidential information including the names, dates of birth and
Social Security numbers belonging to more than 41,000 people.

The breach appears to have been caused by an external hacker and
involved a server that was being managed by a Georgetown University
researcher as part of a grant to manage information on the various
services provided through the District of Columbia's Office of Aging,
according to a university statement released Friday.

The breach was first discovered during routine internal monitoring of
university networks by Georgetown's information security office on
Feb. 12, according to Erik Smulson, a university spokesman. The server
that was compromised was immediately disconnected from the network.

But because "it took some time to recognize the scope and nature of
the exposure, the computer intrusion was not disclosed to the Office
on Aging until Feb. 24, he said. Law enforcement officials were
notified on Feb. 27, and the Secret Service took custody of the
compromised server for forensic testing the next day.

Only data that was on the Office of Aging server was compromised,
Smulson said. He added that the breach did not affect any of the
university's core computer systems containing financial and admission
records. There is no evidence that the compromised information has
been misused so far, he said.

Georgetown University is now notifying the people whose information
may have been exposed in the incident, Smulson said. But that task is
complicated by the fact that the breached server contained records
dating to 1983 on people who may be now deceased, he said.

"We are making every reasonable effort to notify affected
individuals," he said. Georgetown has established a toll-free phone
number, 1-866-740-2458, and a Web site http://identity.georgetown.edu
where people can get more information.

According to a university source close to the incident who requested
anonymity, the server in question was under the control of an
individual who was not technically qualified to be a systems

"Because we're a university and fairly open, there are many computing
fiefdoms all over the place," often run by individuals with grant
money, the source said in an e-mail. Because the university
information system office has not figured out a way to manage these
independently run computing environments, there can be gaps in
security, he said.

In an e-mail informing the university community about the incident,
Georgetown's CIO, David Lambert, said the broad base of research and
service programs conducted across campus "creates an additional
responsibility for every research principal investigator, department
chair and program director in the university to focus attention on
information security.

"As part of our increased focus on the security of all systems in the
Georgetown network, the security office will launch a program
throughout the spring and summer focused on enhancing the security of
confidential information contained on campus and departmental
servers," Lambert said without elaborating.

More information about the ISN mailing list