Nearly 8,000 University of Georgia current and former workers are about to get letters telling them that someone possibly hacked personal information about them stored in UGA computer files.
Exactly 7,847 letters are scheduled to go in the mail Friday, said Tom Jackson, UGA’s vice president for public affairs. That’s slightly less than the 8,500 names UGA officials estimated after discovering the security breach earlier this month. Some names in the earlier count were duplicates, he said.
As of fall 2010, UGA had about 10,000 full-time and part-time workers, according to University System of Georgia statistics.
Police investigators have not yet found any evidence that the hacker or hackers who broke into the UGA system have actually used the information for any additional crimes, such as identity theft, said UGA Police Chief Jimmy Williamson.
“We have not seen anybody use the information for other criminal means,” he said.
Williamson couldn’t yet say if the UGA intrusion is related to a mass hacking of higher education institutions earlier this month, when 53 colleges and universities reported intrusions.
“I’m not in position to say whether it’s related or not related,” he said.
A group calling itself Team Ghostshell claimed responsibility, according to a New York Times article on the mass hack.
College information security may not be as tight as institutions such as banks, and colleges are a frequent target of hackers, said information privacy consultant David Schulz.
“Schools tend to collect a remarkable amount of financial information and sensitive personal information,” he said. “I don’t look at it as an information technology program so much as a policy, procedure and awareness problem.”
The UGA police computer forensics team started trying to track down the hackers Oct. 1, after UGA officials learned that two UGA information technology workers’ passwords had been changed by someone. Both workers had access to personnel records.
The data the hackers gained access to include names, Social Security numbers and other personal information.
UGA will pay the costs of credit monitoring for anyone whose data may have been accessed, if the employee or former worker requests it.