Ohio University Fires I.T. Supervisors
This is what you get when you fail to monitor your networks, harden your access lists and investigate incidents. Losing almost a quarter million social security numbers does not look good on your resume’ either. I previously wrote about this issue here.
From the AP Here:
ATHENS, Ohio – Ohio University said Tuesday it has suspended two information technology supervisors over recent breaches by hackers who may have stolen 173,000 Social Security numbers from school computers.
The school did not identify the director of communications network services identified on the school’s Web site as Thomas Reid and manager of Internet and systems. Both were suspended pending the school’s investigation of the breaches, five of which have happened since March 2005.
“We hold ourselves fully accountable,” McDavis wrote Monday in an e-mail to faculty and staff.
The school said in April it had discovered a computer breach at its training center for fledgling businesses. Since then, electronic break-ins also were reported at the school’s alumni office, health center and the department that handles records for businesses the university hires.
Students, alumni and employees have been told to run credit checks and place fraud watches on their credit card and bank accounts. About two dozen people have told the school they were victimized by identity theft in the past year.
As opposed to many of the laptop thefts reported, this is a serious network breach where the data was actually used by the bad guys to setup fraudulent accounts. The University made the right move in firing these inept staffers, but this was actually a failure of policy from the top down, and the University President should be held accountable for failing to implement and enforce a stronger security posture.