Slashdot Mirror

← Back to Stories (view on slashdot.org)

Carnegie Mellon Says Computers Breached

Posted by CowboyNeal on from the back-door-left-open dept.

maotx writes "Carnegie Mellon University is warning more than 5,000 students, employees and graduates that their Social Security numbers and other personal information may have been accessed during a breach of the school's computer network. What makes this one even more interesting compared to other recent break-ins is that CMU is home to the famous CERT."

3 of 203 comments (clear)

  1. Casual attitude about SSNs by bigtallmofo · · Score: 5, Insightful

    What exactly were social security numbers doing on that computer?

    I'm still amazed at what companies ask me for my social security number and their casual attitude about what they do with it. My health insurance company uses it as my ID number. My dentist thinks nothing of asking for it and scribbling it on a post-it note along with my name while they enter a claim form into their computer and then they throw the post-it note away.

    I always make an attempt to refuse to give my SSN. The shocked, negative reaction I get is absolutely amazing to me. It is apparently so ingrained to U.S. culture to give that number up to anyone that asks regardless of the totally insecure way they handle that number.

    --
    I'm a big tall mofo.
  2. Not really CMU, but Tepper School of Buisness by Rufus211 · · Score: 5, Informative

    Just a quick clarification, Carnegie Mellon itself was not hacked. This was a Tepper School of Buisness machine that was hacked and their student data lost. As seems to be fairly normal, the buisness school is almost its own entity, even running on a different schedule than the rest of the campus.

  3. Letter from Tepper by Snorpus · · Score: 5, Informative
    I'm an alumnus of Tepper (GSIA, the old name, actually) and here's the email I received on Wednesday, April 20.

    Dear ______,

    On Sunday, April 10, the Carnegie Mellon Computing Services Office of Information Security identified a breach of some computers at the Tepper School of Business. Upon investigating and recognizing the unusual activity, Computing Services worked to disable, inspect and secure all servers and personal computers.

    We have no evidence that personal information on breached systems has been used for illegal or malicious activities. However, the potential risks associated with identity theft are very serious matters, and the Tepper administration has chosen several precautionary steps to communicate with all affected students, graduate alumni, faculty and staff on safeguarding measures aimed at protecting privacy.

    While we have not identified unauthorized use of information, we strongly encourage you to take steps to ensure your privacy. Personal information included in the databases that may have been accessed includes:

    - For master's alumni Class of 1997 through the Class of 2004: Social Security number and grades included in a student services database.

    - For master's alumni Class of 1985 through the Class of 2004: Job offer information you may have entered into the COC database as part of your job search process.

    - For all alumni: Contact information you may have entered into the alumni directory/alumni database. (Note: All Personal Access Codes (PAC) for the alumni database have been automatically updated for increased security.
    Your new PAC number is: **********
    Your email address in the directory is: ****************

    - For doctoral alumni Class of 1998 through 2004: Social Security number, GMAT, GPA and information submitted in your application to the doctoral program.

    Please visit www.tepper.cmu.edu/******* for information regarding precautions and steps to take to protect your personal information.

    We apologize and regret the inconvenience associated with this incident. Currently, the business school is in the early stages of investigation and does not have all details regarding the source of this breach. As further information is discovered, we will be sure to include it on the Web site listed above. In any event, please understand that we would not disclose details that would put any computer or network at risk of further intrusion or malicious attack.

    The recent Tepper incident is similar to the computer breaches reported by other universities. As a campus that prides itself as a hub for technology innovation, Carnegie Mellon is extraordinarily mindful of issues regarding information security. The recent breach is a reminder of the sensitive business environment in which we operate and the need to consistently monitor and advance our infrastructure and processes.

    If you have questions or concerns, we encourage you to contact John Sengenberger at jseng@andrew.cmu.edu

    Thank you.

    Steve Sharratt
    Associate Dean for Advancement