Computer Security Breach: Frequently Asked Questions
1. What happened?
On May 20th, 2005, a hacker or hackers illegally accessed a server on the Teachers College computer system. The College discovered the intrusion the next day and immediately disabled access to the server, reported the illegal entry to law enforcement authorities and the Department of Homeland Security, with whom we are cooperating, and launched an internal investigation to determine where greater security measures might be needed.
2. Who is being notified of the improper access?
Approximately 970 international students, faculty and visiting scholars at TC whose personal information resided on the server that was breached.
3 Why are these people being notified?
Although we do not know if any personal information was actually accessed or copied, the people being notified had records on the server that generally contained a name, address(es), date of birth, immigration status and, in many instances, social security number. In a very small number of cases, visa and passport numbers were exposed. The database did not include any bank account, credit card, or driver's license numbers.
4. Is there an investigation into this incident?
Teachers College is conducting an internal investigation of the matter, and we have also notified law enforcement authorities and the Department of Homeland Security, with whom we are cooperating.
5. Is it known who accessed the system?
At this time, we do not have that information. We are cooperating with law enforcement authorities in their investigation.
6. What is Teachers College doing to prevent further incidents of this kind?
Teachers College has a department with responsibility for our information security. We continually review our policies and practices in order to defend against future incidents. In addition, following any incident of this type, we undertake a special assessment in order to improve our security policies and practices. Beyond that, we do not comment on our security.
7. What has the College done to inform students, alumni and other affected parties about the incident?
We have moved as quickly as possible to accurately assess the situation and to inform the directly affected parties, using the most recent addresses in the University records. If you would like to update your address information, please contact during regular business hours the Office of the Registrar at 212-678-4050 (for currently-enrolled students), the Office of Alumni Relations at 212-678-3215 (for TC alumni), or the Office of International Services at 212-678-3939. We also posted an article about the incident, as well as this FAQ, on the TC Web.
8. If I didn't receive a letter, how can I be sure my records weren't accessed?
Only the records of international students, international faculty, and visiting scholars from 2003 to the present were contained in the server that was breached. If you have not received a letter about the incident by June 10th (allow additional days for overseas delivery), it is likely that your records were not on the server. However it is also possible that the College does not have your most current address. If you are an international student, faculty member, or visiting scholar and have any questions, please send an email to the Office of International Services at firstname.lastname@example.org.
9. How can I get more information?
For information about identity theft, please see the website of the Federal Trade Commission at www.consumer.gov/idtheft/. You may also call the FTC at 877.438.4338. For further assistance and information, please also see the article about this incident on the TC Web at www.tc.edu/infosecurity, frequently asked question at www.tc.edu/infosecurityfaq, or call the Office of International Services (212.678-3939) between the hours of 1 and 5 on Monday through Fridays.
To further protect yourself, you may wish to place a fraud alert on your credit file. A fraud alert lets creditors know to contact you before opening new accounts. Just call any one of the three credit reporting agencies at the number below. This will let you automatically place fraud alerts and order your credit report from all three.
When you receive your credit reports, look them over carefully. Look for accounts you did not open. Look for inquires from creditors that you did not initiate. And look for personal information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand, call the credit agency at the telephone number on the report.
If you do find suspicious activity on your credit reports, call your local police or sheriff's office and file a report of identity theft. [Or, if appropriate, give contact number for law enforcement agency investigating the incident for you.] Get a copy of the police report. You may need to give copies to creditors to clear up your records.
Published Monday, Jun. 6, 2005