Damage control

Georgetown is now notifying people whose information may have been exposed in the incident, the spokesman said. But that task is complicated because the breached server contained records dating back to 1983 on people who may now be deceased.

The university has established a toll-free phone number and a Web site where people can get more information.

In a March 3 e-mail to students and workers, Georgetown CIO David Lambert said the university's security office plans to focus on "enhancing the security of confidential information contained on campus and departmental servers" during the spring and summer. He did not elaborate.

According to a university source familiar with the incident who requested anonymity, the server in question was under the control of an individual who wasn't technically qualified to be a systems administrator. "Because we're a university and fairly open, there are many computing fiefdoms," often run by individuals with grant money, the source said in an e-mail.