December 2, 2005

Security Breach Found in Archive

Print More

Cornell employees this past summer discovered a security breach on a computer that contained personal information, such as names, addresses, social security numbers and bank names and account numbers. After conducting an analysis of the breach, Cornell Information Technology (CIT) did not find evidence that any information stored on the computer had been inappropriately accessed.

Early last month, the University notified the 900 individuals whose data was stored on that computer.

The letter, signed by John Murphy, a senior trust officer in the office of alumni affairs and development, and Steve Schuster, director of information technology, said although they did not believe any personal information had been viewed or accessed by anyone, “we take any such risk very seriously and believe is your right to be informed.”

Those individuals who received the letter were also provided with information on how to protect their personal information from identity theft in the future.

Schuster emphasized that computer security problems are universal.

“More than ninety-nine times out of one hundred, these incidents are the result of software programmed by hackers to scour the Internet looking for computers with large disc space and high bandwidth on which movies, music, and other copyrighted material can be stored and distributed,” Schuster said. “These programs can originate anywhere in the world.”

Simeon Moss, Cornell’s press office director, said that those individuals who had information stored on the computer were not initially contacted when the problem was detected, because CIT wanted to make sure the security breach was analyzed properly – a time consuming and work intensive process.

“It takes time to determine and verify the exact nature of the problem,” he said. “Then it takes time to analyze and determine the extent of the incident and its true risk. And finally, it takes time to determine who needs to be notified and with what information. That communication needs to be coordinated with appropriate offices on campus in order to be consistent and accurate.”

Schuster said CIT is working hard to prevent future computer security problems.

“We are taking a very active role in doing security assessments of the Cornell systems that contain critical information,” Schuster said. “We are also working to enhance information security.”

Archived article by Olivia Oran
Sun Staff Writer