ATHENS, Ohio (May 11, 2006) -- Ohio University continues to take steps to secure its computer systems against intruders who may attempt to breach the university's databases.
The university recently became aware that someone gained entry to a computer server supporting Hudson Health Center. The incident was discovered May 4.
The compromised system contains the personal information of about 60,000 current and former students as well as some Ohio University faculty and staff. This includes all current Athens campus students and individuals registered as a student on the Athens campus at any time since fall 2001. It also includes a limited number of regional campus students, and faculty and staff who have used certain Hudson Health Center services.
The compromised system contains data from the Student Health Service including such items as date of birth, personal identification number, Social Security number and clinical information regarding health services. Data for Counseling and Psychological Services is limited to date of birth, personal identification number, Social Security number and dates of service. No other counseling records were stored electronically and were not compromised.
The university is sending e-mails to all individuals with information housed on the affected server and will follow up with letters.
The university continues to conduct a comprehensive security audit of university computer systems to improve data security and to determine if there are further breaches of its systems by intruders. This process includes an inventory and analysis of servers in all areas of the university.
Further, outside consultants from Internet Security Systems Inc., who are regarded as among the best in their field, are assisting with the security audit. Currently, information is being collected and critically analyzed.
"We remain committed to making every effort to ensure that the university computer system is as secure as possible and protecting information pertaining to members of the university community, especially its students," Associate Provost for Information Technology and Chief Information Officer Bill Sams said.
A recent report notes that half of all reported security breaches across the country since February 2005 have occurred at colleges and universities. More than 25 major institutions have suffered from such attacks over the past 12 months. Among schools that have recently been affected are the University of Texas, Miami (Ohio) University, Purdue University and Iowa State University. The university is working with the University of Texas, Miami University and others to learn from their experiences with data theft and improve data security.
On April 21, it became known that a server containing office files for the Innovation Center's Technology Transfer Department had been compromised. The university recently learned that the Social Security numbers of 35 individuals were compromised in the Technology Transfer incident. Letters will be sent to the affected individuals.
A security violation of a computer system that supports Alumni Relations was discovered April 24.
In the Alumni Relations database instance, the university sent 65,000 e-mails to individuals the week of May 1 and is following up with letters to all affected individuals.
Given the potential criminal implications, the FBI has been notified of all breaches by intruders.
The data theft incident of the Hudson Health Center server does not affect the university's College of Osteopathic Medicine or affiliated programs such as the University Medical Associates, which maintain their own networks and servers.
Ohio University students who feel their information may have been compromised by a breach of Ohio University computer systems can find information and insights on the Web at www.ohio.edu/datasecurity/. The university has established a hotline, 800-901-2303 (toll-free) or (740) 566-7448 (local calls), to answer further questions.
[ 30 ]
Media Contact: Director of Media Relations Jack Jeffery, (740) 597-1793 or firstname.lastname@example.org, or Media Relations Coordinator Jessica Stark, (740) 597-2938 or email@example.com