University Network Breach Leads RoundupFerris State University Reports Intrusion
In this week's breach roundup, Ferris State University in Big Rapids, Mich., is notifying 39,000 students and employees that their Social Security numbers and other personal information may have been exposed as a result of a network breach. Also, the U.S. Department of Energy reports that hackers gained access to personal information about 14,000 current and former agency employees.
See Also: The Global State of Online Digital Trust
University Reports Network Intrusion
Ferris State University in Big Rapids, Mich., is notifying about 39,000 students and employees that their Social Security numbers and other personal information may have been exposed as a result of a network breach.
On July 23, the university learned that an unauthorized person evaded its network security and gained access to a computer used to operate the university's website, according to a statement. Upon discovering the intrusion, the university shut down the server and hired a computer forensics firm to investigate the incident.
While the investigation could not find evidence that the unauthorized person actually viewed or removed any information, the university is notifying students and employees regarding the incident.
The university mailed letters to about 39,000 individuals whose names and Social Security numbers were in files that were accessible, according to the statement. They are being offered one year of free credit monitoring.
Letters were also sent to 19,000 current, former and prospective students whose names and student identification numbers were accessible, the statement said. Those students can change their identification number by contacting the university.
Dept. of Energy Hit by Hackers
The U.S. Department of Energy reports that hackers gained access to personal information of 14,000 current and former agency employees, including their names and Social Security numbers.
The incident occurred in late July, according to a Wall Street Journal blog.
In a memo, the agency said no classified data was compromised or targeted. A DOE spokesperson confirmed to the Journal that the memo was sent to employees.
The breach occurred when intruders hacked into a human resources system, which included sensitive information such as payroll data, the Journal reported.
Hard Drive Missing from Doctor's Office
North Texas Comprehensive Spine and Pain Center in Sherman, Texas, is notifying 3,000 patients that an external hard drive containing personal information was stolen from its office.
The hard drive contained patient names, Social Security numbers, birthdates, home addresses and diagnoses, according to NBC affiliate KTEN. So far, there's no evidence the information has been improperly used.
The center has since fired the employee responsible for the theft, the news report says.
Emory Warns of Security Incident
In a cryptic message to students, faculty and staff, Emory University in Atlanta announced it is investigating a breach of its information technology infrastructure.
The university states the incident is "similar to incidents recently reported by other academic institutions and large organizations."
Emory says it's working with information security consultants and law enforcement to determine the source and impact of the breach.
The university is urging anyone with an Emory University netID/username to change their password. Individuals are also urged to update their passwords for any personal accounts if they're the same as the Emory password.
"Because of the ongoing nature of the investigation, we cannot at this point give more details, but we will provide updates to the Emory community in due course," the statement says.