Washington Post, 2005-01-11
A computer hacker apparently broke into a George Mason University database containing student and employee Social Security numbers, leaving 32,000 people uncertain whether their finances or identities might be compromised.
University spokesman Daniel Walsch said yesterday that the intrusion was discovered Jan. 3 by the department that manages campus computer systems. The database also included names, school identification numbers and photographs.
The university quickly notified employees and students, Walsch said, adding that no one has reported that any personal information was used inappropriately.
Although the George Mason database did not include financial information, the university recommended that students and employees notify their banks and credit card providers to be on the alert for suspicious activity on their accounts.
The break-in is the latest in a spate of hacking directed at universities, which often maintain a rich store of personal data.
In the past year, systems at the University of Georgia, the University of Missouri-Kansas City and the University of California at Berkeley were attacked by hackers. The California breach resulted in the exposure of 1.4 million Social Security numbers.
High-profile break-ins also have occurred at financial institutions and other companies.
Walsch said the data were housed on computers running Microsoft Windows systems. He said that campus police are leading the investigation but that the probe would likely include other law enforcement agencies and technical experts.
Many computer security experts and some law enforcement officials have warned institutions against using Social Security numbers as a primary means of identification. Once compromised, the numbers can allow hackers to obtain sensitive personal information or impersonate a consumer.
Walsch said that GMU had been moving away from an identification system based on Social Security numbers, in favor of "G-numbers" that assign every student and employee a unique identifier.
But the transition was not complete when the break-in occurred, he said. He added that the school would review all of its data storage and computer security practices.