Statement by Ohio State University on recent data breaches
The Ohio State University has notified more than 14,000 current and former faculty and staff members that personal data (name, Social Security number, employee ID number, and date of birth) have been exposed as a result of a criminal intrusion into a database within the university's Office of Research. The incident occurred during the weekend of March 31-April 1.
As soon as the attack was discovered on April 2, university information technology officials immediately blocked access to the exposed database and prevented the hackers from accessing additional records. A university information technology response team was convened immediately to investigate the breach, identify affected individuals and their contact information, and take necessary steps to provide notification and assistance. The university has informed appropriate state and federal law enforcement authorities and has engaged outside experts to identify additional possible security measures.
In an unrelated incident, the university is also distributing letters to approximately 3,500 current and former chemistry students who were on class rosters housed on two laptop computers stolen from a professor's Columbus-area home in late February. Public safety officials have indicated that the computers were stolen along with a variety of household items. The records stored in the computers contained names, Social Security numbers and grades. The university information technology response team also investigated this incident, identified affected students and their contact information, and took the necessary steps to provide notification and assistance.
In the letter sent to students and employees, university officials apologized and expressed regret that personal information had been subject to unauthorized access. All affected employees and students will be offered 12 months of free credit protection to help safeguard against harm from misuse of personal information. The university also has established a web site and hotline for all affected individuals where they may obtain additional information.
University students and employees are encouraged to call 1-866-515-9332 or go to http://cio.osu.edu/secureinfo/research (employees) or http://cio.osu.edu/secureinfo/chem (students) if they have questions about either incident.