Hackers Target Notre Dame Donors

The university says hackers may have stolen personal information, including social security numbers and credit card information, off one of its servers.

Alumni and friends of Notre Dame University may have had their personal information snatched by hackers, according to a university spokesperson. This hack is the third in a series of compromises of fund-raising systems at other universities.

A server containing social security numbers, credit card numbers and check images from donors to the South Bend, Ind., university was attacked by unknown assailants on Jan. 13.

Notre Dame does not know if any sensitive information was leaked, but it has notified by e-mail and letter an undisclosed number of individuals whose information was on the server, said Hilary Crnkovich, vice president of public affairs and communications at Notre Dame.

The server in question was being used by Notre Dame's Development Office for fund raising, but was not part of the campus central data network.

Monitoring systems used by the University detected a potential intrusion into the server on Jan. 13 and staff at the University secured the server and the information it contained shortly thereafter, Crnkovich said.

Data on the server covered donations between Nov. 22 and Dec. 12, 2005, and included credit card and social security numbers for donors, as well as check images, she said.

Crnkovich declined to say how many donors might have had information exposed by the breach, and did not comment on whether student information was also on the server.

The breach was similar to recent incidents at other universities, including Tufts University and Boston College in Massachusetts. Both schools notified hundreds of thousands of alumni and donors of the potential for identity theft after hackers compromised servers managed by RuffaloCody, a software company in Cedar Rapids, Iowa, that makes the CampusCall fund-raising software.

Crnkovich declined to say whether Notre Dame was using software or services from a third party to help manage its fund raising.

"Our contracts are private and our policy is not to discuss business partners," she said.

The investigation into the possible breach is ongoing, but the University may never find out whether any data was exposed in the attacks, she said.
