By Martin H. Bosworth
ConsumerAffairs.com
March 7, 2006
A Georgetown University network server containing personal information
on over 40,000 residents of Washington, D.C. was invaded by hackers, exposing thousands of individual names, Social Security numbers,
and dates of birth, the university said.
The university was hosting data belonging to the D.C. Office of Aging (DCOA), which coordinates services for the elderly throughout the city. No financial data was contained on the server
DCOA's many partnerships and programs include services from the Department of Parks and Recreation, the Providence Health Foundation, and the University of the District of Columbia.
The theft was first reported by Georgetown to the DCOA on Feb. 24th. On Feb. 28th, the Secret Service confiscated the compromised server for "forensic testing," according to a Georgetown spokesman.
Spokesman Erik Smulson, the data breach was first noticed on Feb. 12th, as part of a "routine security review."
Georgetown University set up a toll-free number to answer questions about the data theft, at 1-866-740-2548. Smulson said the line had received "several hundred" calls since news of the theft was made public.
Ironically, Georgetown University's professors and researchers have often been consulted as experts in issues relating to data breaches and Internet law.
Georgetown Law professor Jonathan Rusch is special counsel to the Justice Department for criminal fraud, and has written numerous articles on the vagaries of online law and identity theft.
Marc Rotenberg, in addition to his duties as adjunct professor of law, is also president of the Electronic Privacy Information Center (EPIC), and frequently testifies before Congress on issues of identity theft and privacy.
Testifying before Congress in 2001 on the matter of Social Security number theft, Rotenberg said "It is the financial service industry's misplaced reliance on the SSN, lax verification procedures and aggressive marketing that are responsible for the financial consequences of 'identity theft.' Congress must encourage the industry to develop alternative, and less intrusive systems of record identification and verification."
