Ohio U. Servers Open To Hackers For 1 Year

ATHENS, Ohio – Ohio University (OU) administrators were recently informed by the FBI that three of the school’s servers had been open to hackers for a year and possibly longer.

According to CNET, at least one OU technician has been placed on administrative leave because of the breach.

OU is conducting a comprehensive security audit of the systems, including servers that support colleges, schools, departments, and administrative offices across the campus. According to the school’s Web site, OU is also working with law enforcement, top forensic consultants, and colleges and universities that have experienced similar compromises to improve the security of data and IT resources on all our campuses.

OU’s Web site lists the following events that are currently under investigation:

  • Event 1: On Friday, April 21, the FBI advised the Technology Transfer Department at OU’s Innovation Center that a server containing office files had been compromised. Data on the server included E-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes. The FBI has been provided with the disk drives from the server. The incident remains under investigation.
  • Event 2: On Wednesday, April 24, the IT Security Team discovered a server that supports alumni relations and development was being used in a denial of service attack on a computer system outside of the university. The system contained the Social Security numbers of 137,000 individuals. The incident remains under investigation.
  • Event 3: On Thursday, May 4, the IT Security Team discovered that a computer system affiliated with Hudson Health Center had been compromised. The compromised system contained personal information on approximately 60,000 current and former students as well as some faculty and staff at Ohio University. This includes all current Athens Campus students, as well as individuals registered as a student on the Athens Campus at any time since fall 2001. It also includes a limited number of regional campus students, and faculty and staff who have used Hudson Health Center services.

The compromised data include such items as date of birth, PID numbers, Social Security numbers and clinical information regarding health services but NOT counseling services (except for dates of service). The incident remains under investigation.

For additional information on the security breaches, go to http://www.ohio.edu/datasecurity/index.cfm.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo