ID theft hits Georgia Southern students

[AGDLynn]

Hackers got credit card and Social Security numbers

The Associated Press
Published on: 04/28/05

STATESBORO — Hackers broke into a Georgia Southern University server that contained thousands of credit card and Social Security numbers collected over more than three years.

The Saturday breach puts anyone who made a purchase at the university bookstores between Jan. 1, 2002, and April 26 of this year at risk of identity theft or unauthorized credit card usage, the university said Wednesday.

Included are those who made purchases at the store's campus and stadium locations, as well as on the Web site. Also, GSU students who received a bookstore credit through their scholarship or financial aid between fall 2003 and spring 2005 semesters are at risk.

Rosemary Carter, university spokeswoman, would not elaborate on specifics, including how the hackers got into the store's system, but said the registration, admission and athletic ticket sites were not affected. It is not certain how much information was stolen.

"But we do know it's a very high number. That's why we want to cast a net as wide as possible to let people know and let them take the necessary steps to protect themselves," Carter said. "We don't know if anything has been acquired, but we just can't wait."

At the main university bookstore Wednesday, students looking to sell or buy textbooks were met with a sign informing them that only cash and checks were being accepted because of the intrusion.

GSU student Gillian Harbin said the breach concerned her, but she will continue using the store because there is no other place to purchase her textbooks.

School officials urged anyone whose information was stolen to immediately call their bank and one of the three credit reporting agencies so a fraud alert can be placed on their credit files.

University officials have notified Visa and MasterCard of the breach, and e-mail alerts were sent to students and alumni across the nation, according to a university press release.

Georgia Southern joins the University of California-Davis, Northwestern University, Chico State University.and the University of California-Berkeley, all of which have had breaches exposing students' information this year.

[carnation]

Oh, that's just GREAT, one of our daughters could be affected by that.

[BBelleADPi]

I received this today in an email:

University investigation of computer intrusion continues.....

The ongoing investigation of a computer intrusion at Georgia Southern University has identified additional students and University Store customers whose personal information may have been compromised.

A computer server that contained social security numbers and credit card information for the University Store was accessed by an unauthorized party in the early morning hours of Saturday, April 23. It has not yet been determined if any personal data was acquired by the intruder.

The possible risks to the people whose information may have been compromised include identify theft and/or unauthorized credit card usage. Therefore, the University wants to alert all of the people who may be affected. Individuals may fall into any one of the categories or may overlap into two or more categories.

According to the most recent findings of the investigation, those people who are potentially affected includes:

* Georgia Southern students who received bookstore credits through their financial aid package or scholarships (including HOPE) from Fall 2002 through Spring 2005. This category has expanded in date range by one year.

AND / OR

* Anyone who made a purchase at the University Store with a credit card between July 1, 1996, and April 25, 2005. This advisory includes all purchases made at the on-campus location of the bookstore, online at www.gsustore.com, as well as those made at Eagle Club alumni events and football games. This category has expanded to include several additional years. Credit card transactions from Dec. 9, 1999 through April 25, 2005 contain cardholder name, credit card number and expiration date. Transactions files from July 1, 1998, through Dec. 8, 1999, contain credit card numbers and expiration dates, but do not list cardholder names. Data from July 1, 1996, through July 1, 1998, list credit card numbers only.

AND / OR

* Anyone who made a purchase at the University Store with a check, Eaglexpress card (ID) or charge account at the on-campus location of the bookstore, online at www.gsustore.com, as well as those made at Eagle Club alumni events and football games between Oct. 1, 2001, and April 25, 2005. This advisory has been expanded to include individuals who wrote checks and used their Social Security number (in many cases this is the same number as their driver's license number) as an identifier, and/or any individual who used an Eaglexpress card and/or any individual who used a charge account for a University Store purchase. This is a newly identified group of individuals who could potentially be affected by the intrusion.

If you fall into any of these categories, you are encouraged to immediately place a fraud alert on your credit files by calling one of the three credit reporting companies: Equifax (800-525-6285), Experian (888-397-3742) or TransUnion (800-680-7289). Any one of these agencies will place a fraud alert on your credit files and share the information with the other two agencies. Free copies of your credit report can also be requested.

In addition, people who may have been affected should immediately contact the banks that issue their credit cards and inform them that their credit card numbers and expiration dates may have been compromised.

Georgia Southern officials have contacted MasterCard and Visa with this updated information and will be making reasonable efforts to contact individuals whose social security numbers and credit card information may have been affected. The University's special Web page (www.georgiasouthern.edu/fraudconcern) includes information for people who are concerned that their personal information may have been compromised.

Georgia Southern's Office of Public Safety and Division of Information Technology Services are conducting the investigation of this incident with the assistance of the Georgia Bureau of Investigation and the Federal Bureau of Investigation.

For more information, contact Rosemary Carter or Mike Sullivan, Marketing & Communications -- 912-681-5549.

[Munchkin03]

Quote:

Originally posted by carnation
Oh, that's just GREAT, one of our daughters could be affected by that.

Has she contacted the three credit reporting agencies?

I got a letter a few weeks ago from Berkeley--I applied for admission three years ago. Apparently, my name and information was on some of the computers impacted by the security breach. I called each of the three agencies, who put a fraud alert on my account. I then looked at my credit report to determine if I saw anything wrong with it right away. It might sound alarmist, but I figured it couldn't hurt.

[AOIIBrandi]

Well, unfortunately I guess this is going to include me and my husband as we were both still there after 96 and I have purchased things at the bookstore within the last year