Quick Facts

• Date: 12/4/2009
• Institution: Eastern Illinois University
• Type of Incident: Penetration
• Number Affected: 9,000
• Source: ESI
• Abstract Source: EIU Notice to Students, Daily Eastern News

Abstract
Eastern Illinois University recently began notifying current and former students as well as applicants after discovering a security breach involving a server containing applicant information. The server, used by the Office of Admissions, contained the electronic applications for admissions between March 10, 2000 and November 16, 2009. These applications contained names, Social Security numbers, dates of birth, mailing addresses and other contact information on 9000 individuals. The university discovered the server was participating in a botnet on November 16 and took action to remove the server from use. An investigation discovered the server was compromised on November 11. While university officials state there is no evidence anyone accessed the applicant data, Eastern is offering those affected a one year membership for identity theft protection through Experian. When asked about the three week delay in notifying affected individuals, Adam Dodge, Eastern's IT Security Officer, stated that many factors contributed to delay including an in-depth investigation by Dodge's office, gathering information on the individuals on the server, collecting and verifying address information, and contracting with Experian.