Ohio State database compromised

Computerworld - A database intrusion by foreign hackers may have compromised Social Security numbers and other sensitive data belonging to more than 14,000 current and former employees at Ohio State University.

The break-ins occurred on March 31 and April 1 and were detected the following day by university IT staffers. Access to the compromised database was immediately shut down so the school could asses the extent of the breach and prevent further compromises, a spokesman said.

The university also contacted local, state and federal law enforcement authorities and hired security vendor Cybertrust Inc. to help with the investigation, the spokesman said.

The breached database contained employee data including names, Social Security numbers, employee ID numbers and dates of birth, but no salary or other financial information. In total, the database contained more than 190,000 records out of which only 14,000 or so are believed to have been compromised, the spokesman said.

Preliminary investigations have shown that the attacks were launched from at least three separate IP addresses from outside the country, he said.

The university last week sent letters to the affected individuals, offering them a year's worth of credit-monitoring services.

Meanwhile, in a separate incident, the school last week also sent out letters to about 3,500 current and former chemistry students informing them of the potential compromise of their sensitive data after the theft of two laptops from a professor's Columbus-area home in February.

The laptops which held the names, Social Security numbers and grade information about the students was stolen along with several other household items. No information is available on whether the data on the stolen laptops was encrypted, the spokesman said.

Read more about security in Computerworld's Security Knowledge Center.