spacer

Friday, May 11, 2007

Computer Security Breach at Goshen College — Questions and Answers

The following Q&A provides information about the May 5-7, 2007 security breach of a Goshen College database.

 

Q: What happened?

A: An off-campus computer hacker gained access to a computer system containing personal information about students recruited from the fall 2003 to the present and some of their parents. The potential for improper access extended from May 5 to May 7 on a database containing information on about 7,300 current or prospective students and some of their parents.

Q: How was the system accessed?

A: The hacker remotely accessed a campus server.

Q: Were other computer systems accessed?

A: This computer was used to attack some other computers with the likely intent of sending out e-mail “spam” and not to obtain our confidential data.

Q: What information was potentially viewed?

A: The breach of the college’s computer security systems may have allowed a hacker to view the names, addresses, birth dates, Social Security numbers and phone numbers of students recruited from the fall 2003 to the present and some information for some of their parents.

Q: Was personal information about students and some of their parents taken?

A: No personal information is believed to have been taken based on activity in log files. It is suspected that the hacker's motive was to gain access to our computers, which could then be used to send out spam —and not to obtain our confidential data. While no data was likely lost, the college is continuing to investigate this incident.

Q: How did Goshen College respond?

A: Staff members of Information Technology Services immediately closed this security breach. They also implemented additional internal controls and safeguards for personal information.

Q: Will I be notified if I am affected?

A: Goshen College is informing those whose information may have been improperly viewed or accessed and providing information about how they can monitor their credit reports for suspicious activity.

Q: Have law enforcement officials been notified?

A: Yes.

Q: What is Goshen College doing to help protect financial information that may have been viewed?

A: To our knowledge, no financial information was at risk. On such items as Social Security numbers, the college has contacted the major credit-reporting agencies and informed them that personal information on some students and some of their parents may have been compromised.

Q: What can I do to protect my financial information?

A: Again, to our knowledge no financial information was at risk. On such items as Social Security numbers, there are many independent sources and government agencies that provide advice about preventing unauthorized access to personal information or responding to identity theft. For example, you can check with the Indiana Attorney General at www.indianaconsumer.com/consumer_guide/identity_theft.asp or the Federal Trade Commission at http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html.

You also may want to consider requesting a free initial fraud alert to be placed on your credit file by contacting any one of three major credit-reporting agencies — Equifax, Experian or TransUnion. Additional information will be available on our web site, www.goshen.edu, as it becomes available.

Additional information will be available on our web site, www.goshen.edu. And those affected can contact the Goshen College Information Technology Services Office any time by e-mail at info@goshen.edu or call us Monday through Friday, 8 a.m. to 5 p.m. EDT, at 1-866-877-3055.  On Friday, May 11, 2007, you may call until 9 p.m EDT and on Saturday, May 12, 2007, you may call from 9 a.m. until 5 p.m EDT.

Q: Will Goshen College reimburse those affected for extended credit monitoring protection?

A: No. Again, to our knowledge no financial information was at risk, but this is an ongoing investigation. We would encourage you to continue to check the web site for further details.

Q: What is the college doing to prevent future cases of unauthorized computer access?

A: Goshen College immediately took aggressive steps to put additional firewall protocols and protection in place. In addition, we immediately informed law enforcement. We are committed to working with them to investigate the source and motivation of the attacks.

Be assured that Goshen College is committed to continually improving security protocols, cooperating with law enforcement agencies as needed and informing our constituents if we discover information may have been compromised. We take seriously our responsibility for maintaining and safeguarding information.

E-mail this story

Goshen College
1700 S Main St
Goshen, Indiana 46526
USA
phone: +1 (574) 535-7569
fax: 535-7660
web: arachnid@goshen.edu
other: pr@goshen.edu