Hacker attacks computers in Tepper School of Business
On April 10, officials at the Tepper School of Business discovered that a hacker had broken into a number of computers in the school and possibly compromised the personal information of up to 6000 people.
According to the April 21 Pittsburgh Post-Gazette article ?CMU says hacker broke into computers,? information regarding graduate students, alumni, faculty, and staff was the most vulnerable. Although undergraduates were notified of the problem on April 20, they do not as of yet seem to have been directly affected.
Roger Ma, a fifth-year scholar and an undergraduate in the Tepper School, said that the administration ?sent something to the whole Tepper School of Business [saying that] that the computers were compromised,? but that they did not believe undergraduates? information had been affected. Overall, Ma does not believe that the breach is a major concern for undergraduates.
Among information sent out to students was an e-mail from Milton L. Cofield, the executive director of the business administration program, and a notification from Joel Smith, Vice Provost of Computing Services.
Smith?s e-mail states, ?Much of the information compromised in these incidents was not on servers but rather desktop or laptop computers. So, this is not a message exclusively to system administrators ? it is a message to everyone who uses a computer at Carnegie Mellon.?
According to Tepper?s director of public relations, Michael Laffin, the incident was discovered some time around 10 pm on April 10, although it was ?difficult to pinpoint? the exact time. As for how many computers are compromised, Laffin said, ?I know that at one point there was a preliminary number,? but that he was not sure. He believed that compromised personal information included applicant data such as Social Security numbers, contact information, grade-point averages, and standardized test scores.
Laffin also told the Post-Gazette that the reason for the ten-day delay between the breach?s discovery and student notification was so that the school could directly contact students and alumni who might have been affected.
As of yet, there has been no reported evidence that anyone?s information has been misused. However, students in the Tepper School of Business are encouraged to keep an eye out to make sure that their information is not being compromised. A website, www.tepper.cmu.edu/idalert, has been set up for students interested in learning more, and there is a hotline available at 1-800-226-8258.
Students who are concerned about the general security of their personal information can visit www.consumer.gov/idtheft. The Federal Trade Commission suggests watching for warning signs in the case of identity theft, such as unsolicited mail or calls from debtors or credit card companies with which students are not involved. Students should also check their credit card statements every three months initially, and if they are concerned they are victims of fraud, should close existing credit card or bank accounts.
This security breach is just one of several technological incidents that have affected college campuses recently. Roughly one month ago, the Tepper School became a target when a website error allowed applicants to the school to see their acceptance status. However, the Post-Gazette reports that Laffin does not see a link between this incident and any previous ones.