|
An unauthorized user gained access to eight computer servers in the Berry
Machine Room on July 28, 2004. The user apparently also installed an
unauthorized program.
According to Larry Levine, who was Chief Information Officer and Associate
Provost for Information Technology at the time, “Computing Services technicians
quickly removed the program, and we have put into place further safeguards to
secure the servers.”
Because sensitive personnel information may have been copied, the College
notified, by e-mail and letter, all affected individuals for whom it had
addresses. In addition to strengthening security measures, the College also
notified the Federal Bureau of Investigation of the intrusion.
One of the accessed servers contained Human Resources data pertaining to
Dartmouth College employees with benefits, to retired employees on a Dartmouth
pension plan, and to named dependents.
Levine continued, “There is no evidence that the intruder copied information
containing names, social security numbers, and birth dates, but it is possible
that this happened. The intruder also gained access to servers containing
sponsored research data and staff and student immunization information. Again,
it is not clear that anyone actually looked at this data. There was no access
to any data regarding direct bank deposits.
“In other instances of computer breaches at universities, intruders have
wanted to gain temporary access to space on a server on the Internet so as to
provide illegal access to music and movies, or to launch denial- of-service
attacks. We believe that is the most likely scenario in this case.”
Levine urged those whose data might have been accessed to “Take steps to
protect themselves. With your name and social security number, it is possible
for someone to obtain a credit card in your name, to access financial or
personal information about you, or to create a false identity.”
There are steps you can take to protect yourself against identity theft.
With your name and social security number, it is possible for someone to obtain
a credit card in your name, to access financial or personal information about
you, or to create a false identity. You and your dependents should take some of
the following measures:
- You should be on the lookout for any unusual activity pertaining to your
credit cards or those of your dependents. You can call your credit card
companies or check your account activity online.
- You may wish to contact Equifax (800)
685-1111], Experian [(888) 397-3742], or
TransUnion [(800) 888-4213] to obtain
a recent credit report to assure yourself that no unauthorized financial
activity has taken place.
- For further advice on how to protect yourself against identity theft, you
can access the Federal Trade
Commission Web site. This Web site explains how you can direct the major
credit bureaus to place a fraud alert on your credit file so new accounts
cannot be opened in your name, and no changes can be made to your accounts
without your approval. Even if you have not been the victim of identity theft,
you have the right to issue such an instruction as a precaution, and the
Federal Bureau of Investigation recommends doing so.
In conclusion, Levine said, “We greatly regret that this incident occurred.
Unfortunately, this sort of breach is increasingly common nationally. We do not
wish to cause undue alarm, but we do want you to know what happened. We will
continue to take steps to further secure all online information at Dartmouth
College.”
If you have any questions about this incident in particular, or about
identity theft in general, please contact the Computing Help Desk at 646-2999
and select from the options provided, send electronic mail to help@dartmouth.edu, or call your department's
computing support office.
|
