Harvard University
[UPDATE] Attackers Compromise Computer, Post Information On P2P Site
Quick Facts
- Date: 2/19/2008
- Institution: Harvard University
- Type of Incident: Penetration
- Number Affected: Unknown
- Source: ESI
- Abstract Source: The Harvard Crimson
- Update Source: The Harvard Crimson
Abstract
Harvard University's Graduate School of Arts and Sciences (GSAS) is dealing with an attack on an GSAS web site. Over the weekend, an unknown individual was able to compromise an unsecured web site and steal files containing sensitive information such as the administrators username and password, web site databases , web site backups and even a contact database. This information was then posted to Pirate Bay, a popular P2P web site. The 125MB torrent file, which already had 30 seeders and 16 leechers by 8pm last night, was accompanied by a statement claiming that the attack was a demonstration that the GSAS administrator did not know how to properly secure a web site.
Update1: It seems the compromise of the Graduate School of Arts and Sciences web site could have exposed the personal information on up to 10,000 individuals including 6,000 Social Security number and 500 Harvard University student ID numbers. Harvard officials began notifying students after an investigation determined that Harvard could not determine whether or not personal information was exposed. Given this, the university decided to alert students and applicants and offer free credit monitoring through Kroll, Inc.
Havard Student Caught Making Fake IDs
Quick Facts
- Date: 1/9/2008
- Institution: Harvard University
- Type of Incident: Impersonation
- Number Affected: Unknown
- Source: ESI
- Abstract Source: The Harvard Crimson
Abstract
Theodore R. Pak, a Harvard undergraduate student, has been caught creating false identification including state drivers licenses and Harvard identification cards. Some of the Harvard ID cards allow access to student buildings and "Crimson Cash" accounts according to university officials. According to officials, there is no evidence that the fake ID cards were used to fraudulently access cash or personal information. However, Harvard sent a letter to Crimson Cash account holders suggesting these individuals review their accounts for fraudulent activity. At this point it is unclear whether or not the cards were used to gain unauthorized access to buildings.
