- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
CHICAGO – In 2005, Boston College recovered from a data breach by putting its customers’ needs first. On Monday, at The Security Standard conference held here, the college’s head of security explained how.
Walking the audience through the data breach that occurred at Boston College in 2005 when personal information of 100,000 alumni was potentially put at risk, David Escalante, director of computer policy and security, explained how the college recovered, and managed to regain its customers’ trust.
In March of 2005, Boston College sent letters to 100,000 alumni to inform them about a data breach and the potential for identity theft. A rogue server locked in the utility closet of a computer lab on campus had been hacked, and had been used to store alumni records.
Once Escalante’s team discovered which computer was hacked and what information was at risk, it was time to take action. The college had an incident-response team in place that dealt with virus outbreaks and similar threats, but the CIO decided this breach was too big for the security team to handle, Escalante said. Instead, the CIO pulled together a larger team including legal and PR departments. “The CIO had the contacts to pull together this massive effort,” he said.
While the team was being assembled, Escalante’s group performed computer forensics, which was difficult because they had never seen this server before, he said. In addition, the response team was pressuring him to determine why the data was breached and set a forensics deadline at which point they would inform all 100,000 alumni whose records were on the server, unless forensics could prove that not all records were accessed.
“Boston College was founded by Jesuits, and the president of the university is a priest,” Escalante said. “That leads to a highly ethical culture, and it made processing a lot easier. We confessed to our guilt and asked people’s [forgiveness].”
Although Escalante read the log files and knew the database hadn’t been breached, the problem was a series of scratch files that students who called alumni asking for donations had created. Policy was that those file should have been deleted, but they hadn't been. For expediency, the college decided to send letters to all the alumni, instead of taking the time to figure out whose information may have been compromised.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (2)
Kerry: True enough. TheBy David on September 12, 2007, 1:23 pmKerry: True enough. The talk this article is based upon also noted that BC had a "recovery team" and stated "Don’t allow the recovery team to bring the system...
Reply | Read entire comment
Boston College's poor excuse for an excuseBy Kerry on September 11, 2007, 5:55 pmUnfortunately, this is a poor excuse for an excuse. Sorry, we messed up. Forgive us. This may work in a very forgiving environment, but the best reaction and recovery...
Reply | Read entire comment
View all comments