Friday June 29, 2007
Technique - The South's Liveliest College NewspaperNews
 

Computer breach puts data at risk

By Craig Tabita News Editor

A computer breach discovered by Tech June 1 may have exposed personal data belonging to 23,000 current and former students. The affected students were all notified via e-mail June 14.

According to Matt Nagel, a media relations specialist with Institute Communications and Public Affairs, the computer contained names, addresses, GT ID numbers, and birth dates.

"The information was on a file on that computer that was breached, but there is no way of knowing whether for sure that file had been accessed," Nagel said. The Institute decided to inform students as a safeguard, he said.

"We're erring on the side of caution. Whenever there's information that is compromised you want students to be aware of it so that they can keep an eye out for things," Nagel said.

Nagel could not reveal any details pertaining to what was meant by a "breach", citing the ongoing investigation into the incident.

Tech found that the computer contained this personal data on June 5, four days after they discovered the breach.

The personal information is protected under the Family Education and Rights Protection Act (FERPA), a federal statute enacted in 1974 which is designed to ensure privacy of directory information.

The act requires educational institutions to give students advance notice if they intend to disclose their personal information, as well as a chance to request that their information remain undisclosed. It also requires that students be notified once per year of their rights under the act.

Nagel said that the students whose data were contained in the file took mandatory courses in the College of Computing between 2005 and 2007. Each Tech undergraduate is required to take at least one computing course, depending to their curriculum, which explains why so many students have been put at risk.

"Immediate steps have been taken to isolate the impacted file, and additional technical and administrative safeguards are under way," the Institute's letter to affected students states.

This is the second time in 2007 that the Institute has faced a security compromise that put personal data at risk. In February, 3,000 current and former employees, primarily within the School of Electrical Engineering, were notified that a massive breach had exposed information including their social security numbers.

A much more serious incident occurred in 2003, when the Ferst Center for the Arts announced one of their systems was accessed by an unauthorized intruder, and that information about approximately 57,000 customers of the theatre may have been released. About two-thirds of those customers had active credit cards on file.