The University of Georgia says it is working with state and federal
officials to determine if a computer hacker accessed the names and Social
Security numbers of more than 1,600 current and former employees.
Most of the employees work in the College of Agricultural and Environmental
Sciences, one of the largest of the university’s 15 colleges, according to
Tom Jackson, a UGA spokesman.
However, the breach may also affect others who have received payments from
the college, he said.
University officials believe 2,429 Social Security numbers were exposed, but
say many of those were duplicated numbers, which likely drops the number
exposed by one-third.
The university discovered the illegal queries, which apparently came from outside the United States, on Sept. 19. It immediately took steps to block this sort of exploitation, said Jackson.
An investigation is under way to determine precisely which information may
have been exposed. However, school officials say the database did not contain credit-card information.
“The irony is that the breach occurred while the university is trying to do
away with using Social Security numbers,” Jackson said.
Although the school has begun the laborious task of using alternative forms
for identifying students and staff, the process of changing records for
33,405 students 9,300 staff members will take some time, Jackson said.
“Universities are an open environment,” he said. “We’ve got to get away form
using Social Security numbers for ID. But it’s not like you can just throw switch on and it’s done.”
Each individual in the database is being notified by e-mail and regular post
mail of the incident, Jackson said.
Last year, a cracker broke into the school’s system and may have accessed the
credit-card information of approximately 32,000 students. The
university never caught the hacker and was not aware of any misuse of that
information, according to Jackson.
“It indicated the hacker really didn’t know what they had,” Jackson said.
Universities have had their share of computer security problems over the
past year. Large schools, like the University of Georgia, often provide
hackers with a tempting target.
In June the University of Southern California joined the growing number of schools to report a
computer security breach when its online application database was broken
into, leaving 270,000 records exposed.
In March crackers broke into two schools’ systems. A Boston College computer system that stored fund-raising information of possibly up to 120,000 alumni of
Boston College was breached.
And California State University, Chico, suffered a breach of its housing and food service computer system, which contained information about 59,000 current students.