Modernizing Authentication — What It Takes to Transform Secure Access
Boston College security technicians purged the Social Security numbers of its alumni after the school discovered a hacker broke into one of its on-campus systems, officials said Friday.
Jack Dunn, a Boston College spokesman, told internetnews.com that the breach involved a computer tied to the college's fundraising phone bank.
"We're fortunate because none of the information on the computer was accessed," he said. "What the forensics suggested was that the hacker had simply been trying to bounce off our system and attack other computers on the Internet."
The computer in question was managed by a third-party vendor, which Dunn declined to name. Tests on the computer suggested it didn't contain the latest patches.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
After taking the computer offline and purging it of Social Security numbers, it was placed behind the college's own firewall.
The incident has prompted officials to take a new look at how the school identifies its students and alumni. Using Social Security numbers to identify an individual is the most convenient way, though not the only one, for many schools to keep track of alumni, Dunn said. That applies to current students.
"That will alleviate the potential for problems going forward," Dunn said. "The idea is to purge Social Security numbers from all databases for the sake of added security."
In the meantime, he said, the IT department will look at other methods of identification, like issuing alpha-numeric IDs.
According to a news report by the Wall Street Journal, most of the college's 137,000 alumni were informed of the breach in a recent newsletter, and were warned to contact their credit bureaus and banks as an added protection against their information being used fraudulently.