Breach in Web site security found by Duke Law School
Published: Wed, Dec. 05, 2007 12:00AM
Modified Wed, Dec. 05, 2007 02:41AM
E-Mail
Print
tool name
closeThe Social Security numbers of about 1,400 prospective Duke Law School students may have been accessed by a hacker to the school's Web site, officials said Tuesday.
An editor working on the site Thursday afternoon found several links that were not authorized, Duke Law School spokeswoman Melinda Vaughn said Tuesday evening. She said the site was immediately taken offline; an investigation began into how the links were put on the site.
Vaughn said two databases -- one for students who have requested information about the law school and one for students who have submitted applications -- were available for viewing by hackers. The database for interested students included the Social Security numbers of about 1,400 students. The issues for applicants were e-mail addresses and user-generated passwords used to check their application status to the law school. About 1,800 people were registered on the second database, she said.
CALL FOR INFORMATION
Prospective students with concerns about a recent Web site breach can call the school at (919) 613-7259 or send an e-mail to webdata@law.duke.edu.
More Local & State
"We were concerned that some of those people might have used the same passwords that they used on other sites," Vaughn said.
In an e-mail message to the affected students, Associate Dean of Admissions William J. Hoye said the information may not have been breached.
"We have no evidence that the intruders actually downloaded or acquired any of this information," Hoye said in the message, sent Tuesday. "Nonetheless, we know they had the opportunity and the tools to do so."
The school is telling those affected to monitor their credit as a precaution. A phone number and an e-mail address have also been set up for anyone to get answers to questions about the possible breach.
Vaughn said personal information of two current students was possibly compromised in the site breach. Those two, she said, were among the prospective students who had generated passwords to check their application status.
Tuesday evening, a note on the Web site of Duke Law School said some of its content continued to be unavailable for access. Vaughn said she expected the site to be back online as soon as Tuesday night.
"We're certainly continuing the investigation," she said. "We still don't know what happened and who did it."
marlon.walker@newsobserver.com or (919) 836-4906
Get it all with convenient home delivery of The News & Observer.
The News & Observer is pleased to be able to offer its users the opportunity to make comments and hold conversations online. However, the interactive nature of the internet makes it impracticable for our staff to monitor each and every posting.
Since The News & Observer does not control user submitted statements, we cannot promise that readers will not occasionally find offensive or inaccurate comments posted on our website. In addition, we remind anyone interested in making an online comment that responsibility for statements posted lies with the person submitting the comment, not The News and Observer.
If you find a comment offensive, clicking on the exclamation icon will flag the comment for review by the administrators, we are counting on the good judgment of all our readers to help us.
