FBI, Princeton to investigate breach of Yale admissions Web site
Computerworld - The FBI and Princeton University have opened investigations involving a Princeton admission official who improperly logged into a Web site for students applying to rival Yale University.
In a statement today, Princeton officials acknowledged the incident, which occurred in April, when at least one admissions department worker "used the Social Security numbers of a number of Princeton applicants to access a secure Web site by which Yale informed its applicants of its admission decisions."
Princeton officials said they notified Yale officials of the incident at a May meeting of Ivy League admission officers. Yesterday, according to Princeton, Yale reported the incident to federal and state law enforcement officials.
Lisa Bull, spokeswoman for the FBI field office in New Haven, Conn., confirmed that the office has opened an investigation but refused further comment.
A spokesman for Yale in New Haven couldn't be reached for comment. Officials at Princeton, N.J.-based Princeton University said they wouldn't comment beyond their written statement.
The Princeton official has been identified as Stephen LeMenager, an associate dean of admissions, who acknowledged that he improperly accessed the Yale Web site, according to Marilyn Marks, a school spokeswoman. LeMenager, who began at Princeton as an admissions officer in 1983 and is second in command at the admissions office, couldn't be reached by telephone today. He was placed on administrative leave while the investigations continue.
Security and privacy experts said the incident provides lessons for both sides, as well as for all Web users. Most important, they said, was that both universities apparently should share the blame for this incident.
Eric Hemmendinger, an analyst at Boston-based Aberdeen Group Inc., said Yale was foolish for using easily obtained name and Social Security information to allow access to its admission status Web site. "This wasn't a question of if someone was going to do this, but when," Hemmendinger said. "It's not appropriate, but it was foreseeable."
The Rev. William Grogan, an ethicist and attorney at Loyola University in Chicago, said the combination of lax security by Yale and the "predatory ethics" at Princeton led to the incident. Many universities have unfortunately adopted the business maxim of "do whatever it takes to reach your goal," he said, even if it harms others. "That appears to be adopted in this academic culture," Grogan said.
Marc Rotenberg, executive director at the Washington-based Electronic Privacy Information Center, a privacy advocacy group, said the incident provides a stark reminder to always look at the potential downside of personal information that is posted online. "What the Princeton official did was probably wrong" and could even be illegal, Rotenberg said. "The Yale mistake was putting sensitive information online with weak access controls."
Jose Granado, a security specialist at New York-based accounting firm Ernst & Young LLP, said more accountability is needed before personal data is posted on the Internet. "These kinds of things are going to continue to happen in the future because of the amount of information online these days," said Granado, director of Ernst & Young's advanced security center in Houston.
Princeton hired Newark, N.J., attorney William Maderer to conduct an independent investigation. The university said that it "deeply regrets the improper acts that have taken place" and that it has pledged to cooperate with authorities investigating the incident. Computers and other equipment will be scoured as investigators work to determine who was involved and why the activity was undertaken.
The Web site activity by Princeton admission staff members was first reported yesterday by the Yale Daily News, Yale's undergraduate campus newspaper.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!