US university hack may have exposed personal data

13.03.2006
Georgetown University in Washington has called in the U.S. Secret Service to investigate a server breach that may have exposed confidential information on more than 41,000 individuals.

The breach appears to have been caused by an external hacker and involved a server that managed information on services provided by the District of Columbia Office on Aging, according to a university statement. The breach may have exposed the names, dates of birth and Social Security numbers of people taking part in the agency's programs.

The server was managed by a university researcher under a grant from the Office on Aging.

The breach was discovered Feb. 12 during a routine check of school networks by Georgetown's information security office, said a university spokesman. The compromised server was immediately disconnected from the network, he said.

But because "it took some time to recognize the scope and nature of the exposure," the intrusion was not disclosed to the Office on Aging for almost two weeks, according to the spokesman. Law enforcement officials were then notified on Feb. 27, and the Secret Service took custody of the compromised server for forensic testing the next day.

There is no evidence that the compromised information has been misused, the spokesman said. He said the breach did not affect any of the university's core computer systems containing student financial and admission records.