Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Baltimore Sun reports that a hacker claiming to be part of Anonymous leaked the names, e-mail addresses and phone numbers of 1,300 current and former John Hopkins University Department of Biomedical Engineering students on March 6, 2014 (h/t SC Magazine).
John Hopkins spokesman Dennis O'Shea told the Sun that the hacker contacted university officials on March 5, 2014, threatening to release the information if the university didn't provide passwords to its servers.
The initial breach appears to have occurred in November of 2013.
The information accessed by the hacker didn't include Social Security numbers, birthdates or financial information, though it did contain some student evaluations of classes. "Identity theft does not appear to be a serious issue here," O'Shea told the Sun. "Nevertheless, we felt it was important to notify our students, faculty and staff, and alumni."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
All those affected are being notified by e-mail.
"We will continue to pursue the facts concerning this incident and, of course, will assist the FBI in any way we can," the university said in a statement. "The internal review will attempt to answer, among other things, why the course-related data was on the server for a department Web site, why it was vulnerable to attack and why it was not cleansed of outdated information. This information will help us take action to minimize the risk of any future occurrence."