Hacked Ohio State University Server Housed Personal Data of 760,000 People

Ohio State University (OSU) is in the process of notifying 760,000 former and current students, employees, consultants, contractors and applicants, that a computer housing a database with their personal information was compromised by hackers.

The breach was discovered in late October during a routine security review, when the university's IT staff noticed suspicious activities in the system logs.

Data stored on the server included personally identifiable information (PII) such as names, Social Security numbers, dates of birth and addresses.

The university says that it waited over a month before sending out notifications, because it first wanted to establish if the data was stolen or not. It notes that forensic experts were contracted for this purpose.

"After extensive analysis, the experts found no evidence that any data were taken out of the system," writes Joseph A. Alutto, OSU executive vice president and provost, in the notification letter sent to affected individuals.

"Although we do not believe this situation will involve identity theft, out of concern and caution we have developed a plan to provide you with additional oversight of your information," he adds.

Nevertheless, the university offers affected people a one-year free subscription to a credit protection program from Experian, which includes identity theft insurance.

A special website with information about the incident and how to apply for the credit protection has been set up. It also includes a FAQ section.

The internal investigation and analysis of the compromised system revealed that it was used to launch cyber attacks against other organizations, which was likely the main reason for hacking into it in the first place.

The university also hired a data security firm to help it strengthen the security of systems storing sensitive information and draft better data handling policies.

This breach is the latest on a long list of similar incidents at universities around the country. In October we reported that a computer housing the personal information of over 100,000 students who applied for University of North Florida (UNF) was hacked.