Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft from University Computers

Posted by samzenpus on from the don't-trust-anyone dept.

Different River writes "Someone broke into the administrative computers at George Mason University and accessed personal information, including social security numbers, of 30,000 students, faculty, and staff. "Before the hacking, the university was in the process of replacing students' Social Security numbers with other internal numbers to protect against identity theft." Looks like they just missed it."

7 of 259 comments (clear)

  1. This just goes to show.... by ecammit · · Score: 5, Insightful

    This just goes to show why using social security numbers for identification purposes is a bad idea. It always disturbs me how many places actually have that number. It was supposed to really be a secret number to identify your for social security, not everyday identification.

    1. Re:This just goes to show.... by Anonymous Coward · · Score: 2, Insightful

      Actually you're wrong, there are no "rules" that say it's illegal to use the SS number for that.

    2. Re:This just goes to show.... by EightBits · · Score: 2, Insightful

      Actually, not trying to be an ass here, but if there really is a law, could you please point me to it? My university is using SSNs for a number of things and I have been (unsuccessfuly) trying to get this to stop. If I had law to point to, I might be able to start the wheels turning.

  2. Bah, by Saturn+SL1-WNY · · Score: 0, Insightful

    And I'm sure the street value for social security numbers is really high too.

    Obviously, some people seriously need to take a good hard look at the best digital security tool, that's been around since the beginning of computers: THE POWER SWITCH.

    If computers nowadays were not always-on solutions (I'm sure 24/7 SS# databases in a university aren't a hot requirement) they would be less visible, and less prone to being destroyed by internet theives.

  3. I'm less worried over this.. by Tracer_Bullet82 · · Score: 3, Insightful

    than from internal threats.

    How many cases of internal theft do we know?

    As someone who once created and maintained my high school information database, I know how easy the system can be abused.

    What's very imporant is that Universities have strict and applied policies dealing with information and database handling.Limiting the numbers that have access is paramount.
    Background checks for personnel involved should be done too.

    --


    Timang tinggi tinggi
    parang sudah asah
    alang alang mandi
    biar sampai basah
  4. Re:IT majors by Opticalsky · · Score: 2, Insightful

    Actually George Mason University is one of the few that have Ph.D programs in Information Technology, but it goes further such as they have "Information Technology with Concentration in Information Security."

    Kind of ironic that they would have a graduate program there for information security and they just got hacked.

    I think it might be an inside job though.

  5. FYI by Nixoloco · · Score: 2, Insightful

    The machine that was hacked was in the PhotoID Office and it was a Windows machine. Based on the bahaviour it was exhibiting, that is- it was scanning other machines to infect, it may have only been a worm and this whole story has been somewhat sensationalized. It may have been oblivious to the fact that data existed on the machine.
    The fact that the machine may have been unpatched reflects poorly on University Administration (ITU) but not on the CS or IT programs.

    Disclaimer: I work and go to school at GMU.