Complain about a product or service

Hackers Swipe Sacred Heart Data

By Martin H. Bosworth
ConsumerAffairs.com

May 29, 2006

Data Theft • Bank Data Breach Threatens 248,000 in North Carolina • GPS Not Foolproof • Countrywide Warns Millions of Data Breach • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

Personal data apparently isn't sacred at Sacred Heart University. The university says an onsite computer containing information on 135,000 individuals has been hacked.

The data contained personal information such as names, addresses, and Social Security numbers. In some cases, the individuals had never attended the Fairfield, Connecticut-based university, nor worked there or been associated with it in any fashion.

The FBI was contacted and, according to Sacred Heart's spokespeople, will soon begin an investigation.

The university has set up a special Web site and toll-free number to address concerns and provide information for affected individuals. In a statement on the Web site, the university stated that it could not verify if the data had been accessed, "but we believe that the intruder had the expertise to do so."

Why would a university collect and store data on individuals who had never been students or employees?

According to a university spokesperson interviewed by local TV station WTNH, Sacred Heart collected information on "prospective students" from job fairs and testing services, among others.

Connecticut Attorney General Richard Blumenthal told WTNH that his office would be opening an investigation of its own, particularly into the reasons why Sacred Heart was collecting data from unaffiliated individuals.

Blumenthal is also leading a crackdown on the hugely popular MySpace.com Web community, asking that the site provide blocking software to prevent minors from viewing pornography posted on the site, and preventing children under 16 from being able to join.

Universities Targeted

The Sacred Heart breach is the latest in a series of data breaches and hacks of university computer systems.

In March 2006, a Georgetown University network server containing data on 40,000 Washington D.C. residents was hacked, exposing the names, addresses, and Social Security numbers to identity thieves.

Ohio University suffered a series of data breaches over the last few months, culminating in the theft of medical and personal information on 60,000 students from one of its health centers.

Bill Sams, Ohio University's chief information officer, recently revealed that the information had been in hackers' hands for nearly a year before its loss had been detected.

Security research analyst Avivah Litan told CNet News that the Ohio University breach demonstrated that colleges and universities don't take personal data security as seriously as they should, given the amount and type of information they collect.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |