14,000 Mercer students’ private information accessed

Written by: Staff

Written by: Laura Pollack and Mariana Braz

A security breach of Mercer’s student data files took place on August 24, 2012 according to a letter that was sent out to more than 14,000 students on September 28. From Mercer’s computer lab, the student was able to access the personal information, including social security numbers.

According to the letter sent to students, “the College does not believe that any identity theft, fraud or misuse of your personal information has occurred.”

In an interview with The VOICE, President Dr. Patricia Donohue and Executive Director of Information Technology Services Susan Bowen explained that the investigation was initiated immediately after the incident.

“We have no knowledge of any fraud. We can’t find evidence of the system being hacked other times,” said Donohue. “The reason the law requires us to tell everybody is in case there was an incident that we weren’t able to find or identify, but Mrs. Bowen’s team checked everything imaginable and was not able to find any evidence,” she explained.

An article published by The Times of Trenton on October 6, affirmed that the student personal information “was inadvertently open to public access in the school’s computer network for as long as two years.”

Despite the college not having any knowledge of fraud, the security breach is still classified as a hacking according to experts. Robert Rottkamp, Key Account Manager of Nettitude Inc., a company specialized in cyber security, explained that unauthorized access to student files is considered hacking.

“Accessing data without permission is generally a criminal offense potentially punishable by fines or even jail time. 500k/4 years”, said Rottkamp.

The letter sent out to the students recommends that students “remain vigilant” and “monitor all account statements.” Bowen did not explain exactly what would be done in case some of the information accessed was misused.

“We don’t anticipate any problems. If there are incidents, we advised people if they’re concerned to put a fraud alert on their account,” said Donohue.

Bowen also explained that Mercer has some procedures to make sure all the data is properly stored and secured. “What we did was audited all of our servers to ensure that the security was set correctly,” she said.

According to Bowen, auditing the servers is something that Mercer does on a regular basis, including the day of the security breach.

Despite the college’s reassurances, students are concerned with their data safety. Anajae Register, a Business Administration major, said, “I think the problem should be fixed because I don’t feel my information is secure at Mercer.”

Sylena Tanner, a Liberal Arts major told The VOICE, “[Mercer] didn’t do a good job securing the info.”

Other students are angered about the delay in relaying the information to the students. Despite the security breach taking place on August 24, the letters were not sent out to students until September 28.

“We should have been informed as soon as it happened. I don’t like the idea of someone messing with my social security number,” said Jabri Louis, an education major.

According to President Donohue, the reason behind the college not informing students for over a month was because of “all of the double checking and guarantees.”

Donohue said that if the college had found evidence of the system being hacked or multiple breaches the college would have informated students earlier.

“I don’t want to share bad information. Sometimes sharing no information is better than sharing bad information, until I’m sure I can tell you the facts,” Donohue said.

Mercer did not hire any outside security service to help them address any other possible weaknesses in the system, according to Bowen.

According to Martins Watts, Director of Nettitude Inc., a company based in New York City that specializes IT security and risk management assessment, hiring outside consultants is the appropriate to handle this kind of situation.

“It is absolutely appropriate for a breached organization to engage with a professional consultancy. Sweeping it under the rug does not address the problem…a more serious breach or a leaked story about this kind of breach not being remedied can both be embarrassing and catch the attention of would-be attackers,” explained Watts. Watts also said that while the college in referring to incidental improper “accessing” of data, the appropriate term to use in this case is, in fact, “hacking.”

According to New Jersey’s eletronica crime statutes, “2C:20-25-4: A person is guilty of computer criminal activity if the person purposely or knowingly and without authorization, or in excess of authorization: accesses any data, database…or computer network.

The State Police of New Jersey have a special Cyber Crimes Unit with two specialized investigative squads and a hotline number to call. Part of the mission of the CCU, according to their website, is to assist in investigations where unlawful access of a computer network has occurred. It does not appear from any statements the college has made that they ever contacted the CCU.

Executive Director for Compliance and Human Resources, Jose Fernandez, told The VOICE that he would not comment on the situation.

When approached for a follow up interview, Director of IT, Susan Bowen, declined to answer further questions, saying she said she was not allowed to talk about the case anymore.

Michael Flaherty, Chief of Security told the Voice he doesn’t know what lab the student was in. “There are a lot of labs at Mercer. He/she could be anywhere on campus.”

He also said that he does not have any other information about the case and that the issues are under investigation by Susan Bowen and the IT Department.

Print Friendly
Share this:
Facebook Twitter Pinterest Tumbler Email

Tags: , , , , , , , ,


Comments are closed.

The First Amendment is under attack at Mercer

Mercer’s Human Resources department has emailed all college faculty and staff a link to a mandatory online compliance training and […]

Puerto Rican Parade and Immigration thoughts at Trenton

After seven years without any parade, Puerto Ricans celebrated their heritage and culture with their traditional parade and Boricua Festival […]

DACA recipients and their worries for their future

Bumba Bat is a recent Rutgers graduate who lives in Ewing Township. His family brought him to the United States […]

Faculty art exhibition at The Gallery

Students had the opportunity to view their professors artwork at The 2017 Visual Arts Faculty Exhibition at The Gallery starting […]

Women’s Soccer: freshmen shine in wet season opener

Chilling rain and 13 mph winds weren’t enough to dampen Mercer’s first major home game for the women’s soccer team this past […]

Russian American in the Age of Trump – The Human Cost of Nationalism and Fear – Part II

One night in Nizhny Novgorod, Russia, when I was 5, the police came. This wasn’t anything new considering my mom […]

Mexican in the Age of Trump – The Human Cost of Nationalism and Fear – Part I

My home town is Chihuahua, Mexico just four hours away from the border between Juarez and El Paso, Texas. I […]

Asbury Park – A revival of arts and economy at the shore

    This article is part of The VOICE’s DAY OUT series that takes readers on photographic adventures to interesting […]

In faculty contract fight months of negotiations fail to end stalemate over pay and benefits

Students have seen signs posted on faculty office doors and in windows saying, “No Contract, but Still Working” but what […]

If the college prioritizes maintenance and cleanliness students will follow suit

Mercer has a beautiful campus that reflects our vibrant community of students and staff, which is why it frustrates me […]

With on-campus daycare unavailable, students must look elsewhere

Every semester it becomes more important for students to complete their degrees and graduate in the time frame they planned. […]

This site is protected by Comment SPAM Wiper.
Social links powered by Ecreative Internet Marketing