About 1,600 current and former employees of the University of Georgia in the US are being notified that their Social Security numbers, stored on a campus server, may have been seen by a hacker operating from a foreign country. In an announcement Thursday, the Athens-based school said the security breach was discovered September 19 by university IT staffers and that the intrusion was stopped. No credit card information was accessed during the incident, the university said.
The affected records belong to current and former employees of the university's College of Agricultural and Environmental Sciences. Some 2,429 Social Security numbers may have been exposed during the breach, but because about 800 of those are duplicate records, the actual number of affected individuals is about 1,600.
All potential victims are being notified of the breach by e-mail or postal mail and are being advised of an ongoing investigation by the Georgia Bureau of Investigation and by the FBI, said Tom Jackson, a university spokesman.
So far, there have been no reports of identity theft or any other illegal use of the information, Jackson said.
"While there is no evidence that information was actually accessed, the potential exists for the intruder to match names and Social Security numbers," said Stan Gatewood, the university's chief information security officer. "So it is imperative that we notify the individuals involved, so that they may take appropriate steps to protect against identity theft."
The university also faced a hacker incident in January 2004, Jackson said, when some 32,000 credit card numbers were exposed after a hacker broke into student application files. No perpetrator was ever identified and no reports have ever been received of anyone using the stolen credit card numbers, he said.
Two weeks ago, a laptop computer that had been stolen in March from the University of California, Berkeley, was recovered after investigators discovered it had been bought over the Internet by a man in South Carolina.