March 28, 2002
Students advised to change passwords as precaution against hacker
WEST LAFAYETTE, Ind. Purdue University computer security experts and Purdue police Thursday (3/28) are advising students to change their university passwords after discovering that hackers attempted to access information from a student services computer system.
Approximately 145,000 student names, addresses, social security and identification numbers and an estimated 65,000 unencrypted passwords for student services information potentially were exposed during the incident, said Scott L. Ksander, of the Office for the Vice President for Information Technology.
"We cannot tell whether data was obtained, but hackers clearly had the opportunity and ability," he said.
Ksander said the Office of Vice President for Information Technology and Purdue police are advising students to be vigilant and to change their computer passwords a practice that should be followed periodically for protection.
The breach of security was discovered Wednesday (3/27) after a student services computer server malfunctioned. The malfunction was apparently caused by a hacker's attempt to access privileged information on Monday and Tuesday (3/25-3/26), Ksander said.
Subsequent repair diagnostics found further evidence of unauthorized access and tampering from a different source that initially occurred in late February. The computer was immediately taken off-line and turned over to police and security investigators for forensic examination.
Results of the investigation may not confirm whether personal data was obtained by the hackers. In addition to changing passwords, Ksander said students should be watchful and aware that personal data may have been stolen.
"We continue to review security measures and implement changes where appropriate," Ksander said.
Purdue police Capt. Ron Fosnaugh said there is no evidence that any student financial data was obtained or that the university suffered financial loss.
Computer tampering is a Class D felony subject to up to three years in prison and a $10,000 fine. Computer trespassing is a Class A misdemeanor, punishable by up to one year in prison and a $5,000 fine.
Sources: Ron Fosnaugh, (765) 494-8221, firstname.lastname@example.org
Scott L. Ksander, (765) 496-8289, email@example.com
Related Web site:
Purdue News Service: (765) 494-2096; firstname.lastname@example.org