George Mason University recently discovered unauthorized access to a database that has exposed 32,000 people to potential identity theft, although no such activity has yet been traced to the security breach.
On Jan. 3, an IT employee at the Fairfax, Va., university noticed several attempts to access the database from unauthorized sources, says spokesman Daniel Walsch. The employee reported the incidents to management, which confirmed that a security breach appeared to have occurred, although the university does not know exactly when the breach occurred, Walsch says.
The database stores the names, Social Security numbers and photographs of all university students and employees.
Although under no legal obligation to do so, George Mason sent letters to the 32,000 people whose information is stored in that database, warning them of potential identity theft resulting from the breach. The database doesn’t store financial information, but thieves can gain access to financial accounts using personal data such as Social Security numbers.
The university has also set up a private Web page with information regarding the breach, Walsch says. “We’re trying to be as open as possible,” he says.
The incident was reported to university police; they plan to bring in other law-enforcement agencies to help track down the intruders, Walsch adds. The server that houses the database has been taken offline and will remain untouched so it can be used as evidence in the investigation. A backup server is taking its place.
The university is unsure whether the intruders had help from within the school, Walsch says.