Shostack + Friends Blog Archive


CMU, 5,000+, Hacker

A hacker who tapped into business school computers at Carnegie Mellon University may have compromised sensitive personal data belonging to 5,000 to 6,000 graduate students, staff, alumni and others, officials said yesterday.

There is no evidence that any data, including Social Security and credit card numbers, have been misused, officials said. But they have begun sending e-mails and letters alerting those affected.

They include graduate students and graduate degree alumni from 1997 to 2004, master’s of business administration applicants from September 2002 through May 2004, doctoral applicants from 2003 to this year, and participants in a conference that was being arranged by the school’s staff.

The intrusion occurred April 10 but was not disclosed until late yesterday so Tepper could notify potential victims, school spokesman Mike Laffin said.

Kudos to CMU for investigating and notifying inside of two weeks, rather than dragging it out for months. The quotes are from “CMU says hacker broke into computers” in the Pittsburgh Post-Gazette, via Dave Farber’s IP list.