Ohio University discovers unauthorized access of Alumni Relations computer records
ATHENS, Ohio (May 1, 2006) -- Ohio University has recently experienced two separate and apparently unrelated incidents of data theft. The FBI is investigating both incidents.
Ohio University officials recently discovered that someone gained entry to a computer system that supports alumni relations and obtained unauthorized access to a large number of its electronic records. The university is contacting individuals who may have been affected to alert them and to offer recommendations on appropriate steps to take. The university has established a Web page at www.ohio.edu/datatheft to provide detailed information for people potentially affected by the theft of information and has established a toll-free hotline at 800-901-2303 or (740) 566-7448 (local calls) for those who were affected or who are uncertain if their information was illegally accessed.
"We are doing everything in our power to reduce the impact of this data theft," Ohio University Associate Provost for Information Technology and Chief Information Officer Bill Sams said. "At this point, we have no evidence of illegal use of the breached information."
The security violation was discovered on Monday, April 24, and the university has devoted all available resources to identify the extent and source of the breach.
"The university immediately began assessing the situation to determine its extent. Once it became clear that personal information was involved, we began the process of notifying the affected individuals," Sams said. The university will hire an outside consultant to conduct a risk assessment of the university's computer information systems.
The computer system contained biographical information for more than 300,000 individuals and organizations, including the Social Security numbers of more than 137,000 individuals. The files did not include credit card or bank information. Ohio University students have not been affected by the incident.
The university is sending e-mails and letters to all individuals whose personal information was stored on the system.
As a security precaution, the university will not request personal information electronically as a part of this notification. The university cautions that if people receive e-mail, even if it appears to come from the university, do not disclose personal information.
TECHNOLOGY TRANSFER DEPARTMENT
On Friday, April 21, the FBI advised the Technology Transfer Department at Ohio University's Innovation Center that the server containing its office files had been compromised. Data on the server included e-mails and patent and intellectual property files. The FBI has been provided with the disk drives from the server. The incident remains under investigation.
University officials will release updates to affected parties and the news media as further information develops.
[ 30 ]
Media Contact: Media Specialist Jack Jeffery, (740) 597-1793 or email@example.com