Spring Break
Breach may have exposed donor information
Hacker causes Notre Dame's first significant computer security intrusion
Maddie Hanna
Issue date: 1/23/06 Section: News
|
The data in question - possibly including Social Security numbers, credit card information and check images from donations made between Nov. 22, 2005 and Jan. 12 - pertains to a "minority" of alumni donors and friends of the University, said Hilary Crnkovich, vice president of Public Affairs and Communication. She declined to provide a specific estimate of the number of donors affected.
"We're not comfortable quantifying it," Crnkovich said Sunday. "We have no facts or quantification that people were compromised."
The intrusion was not initiated from an on-campus location, Crnkovich said, but its source is still a mystery.
"We just really don't know," she said.
Gordon Wishon, chief information officer for the Office of Information Technologies, said the University is working with two independent forensics firms to determine the source of the intrusion and expects to receive results in several days.
The analysis will "examine the contents of the server, look at the logs and a variety of data to help describe the nature of the intrusion and the intent of the intruder," Wishon said Sunday.
However, the investigation may be unable to pinpoint the intruder's exact location, especially if the site was overseas or several relay sites were involved, Wishon said. And it's also unclear whether or not the University will know what information, if any, was viewed.
"It may be that we'll never find out exactly what was exposed or taken," Wishon said.
Both Crnkovich and Wishon said it was possible the purpose of the intrusion was for file-sharing purposes, designed to obtain server space rather than personal information.
"Most commonly with incidents of this type, that's what happens," Wishon said. "It's very common … [but] I certainly don't know if that's the case."
The server, which is not part of the University's central data system, was used for inter-office file sharing in the Development Office, Wishon said.
While the server is maintained primarily by Development Office staff, Wishon said OIT's Information Security Department collaborated with the Development Office to provide security standards for the server.