TechWeb

Stanford Hack Exposes 10,000

May 25, 2005 (03:05 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=163701231


The FBI is investigating a security breach at Stanford University that may have resulted in the theft of nearly 10,000 identities stored in its Career Development Center computer system, university officials said Wednesday.

The hack, which took place May 11, exposed some 9,600 clients and 300 recruiters who had used the school's job placement department since 1995, said Debra Zumwalt, Stanford's general counsel, in a statement. The exposed records contained information such as the clients' names, resumes, and Social Security numbers.

The university said that no client records included financial data that could be immediately exploited, such as credit card or bank account numbers. Recruiters' records, however, could have included credit card data.

"Although there is no evidence that any particular records were actually acquired during the intrusion, the university is taking steps to notify clients whose Social Security numbers were included in the database and recruiters that had provided credit card numbers," Stanford added in its statement.

When Stanford learned of the hack, it took the affected servers offline and notified the San Jose, Calif. branch of the FBI.

Letters began going out Monday to the 9,900 people involved. California law requires that data breaches be disclosed to users whose identities may have been compromised.

Stanford was mum on most details, ironically citing security precautions as the reason. "We do not comment on our security," the university said in an online FAQ it posted for current and former students.

All Zumwalt disclosed in her statement was "We have been working to understand this breach of our system and ways to prevent a reoccurrence."

California universities have been the target of numerous security breaches in the last year, including a mammoth October 2004, exposure of 1.4 million identities stored in the University of California, Berkeley system and earlier this month, a leak of 380,000 records from the University of California, San Diego network.