After almost months of investigations, Ohio State University revealed that it is notifying about 760,000 students, professors, and other employees that their names and Social Security numbers may have been stolen. The university will spend $4 million to pay for the investigation and credit-protection services for those who have been affected by the attack, which is one of the largest to hit a university.
In late October, the university discovered suspicious activity on a primary computer server containing Social Security numbers, addresses, birth dates, and names of three quarters of a million people. These included students, faculty, applicants, contractors, and even consultants. Investigators can find no evidence that any of the data was seen, copied, or taken by the hackers. Evidence suggests that they hacked the server to try and use it to launch attacks on businesses and other computers. Still, it is impossible to be sure so Ohio State will offer 12 month credit protection to everyone affected by the hack.
“We regret that this has occurred and are exercising an abundance of caution in choosing to notify those affected,” Provost Joseph A. Alutto told the Columbia Dispatch.
This isn’t the first time Ohio State has been hit with a huge breach. In 2006, hackers gained access to medical information and Social Security numbers of 60,000+ students who had accounts at the Hudson Health Center. Before that, a server attack containing donor and alumni SS information was hacked. 137,000 people were affected by that breach. Granted, Ohio State is not the only university with this problem, but perhaps it should rethink the emphasis it puts on security.