Hacker accesses 5,300 personal student records

When senior Kevin Donahue opened his mail Monday, he received a less than pleasant surprise.\n"Dear Kevin," the letter began, "On Monday, November 7, security analysts in the Kelley School of Business and Indiana University's Information Technology Security Office determined that an instructor's computer in the Kelley School of Business had been compromised by a hacker. We are writing you about this security problem because your personal information was present on the computer."\n"I was kind of scared," Donahue said.\nJames Anderson, director of information technology at Kelley, said during a routine scan, UITS detected three malicious software programs that had been installed on an instructor's computer in mid-August. \n"You're not going to find folks who are not malicious hackers who have access to these programs," Anderson said. "They are not something your average computer user would use. They are very cryptic and non user-friendly."\nWhile Anderson has not yet figured out who hacked into the system, some of the files from the hacker included instructions in French, which, Anderson said, he doesn't know how to interpret that information.\n"It could mean the hacker was from France," he said. "It could mean he was from a different country or it could mean that it's someone from this country fluent in French."\nThe programs had been accessed Oct. 3, resulting in confidential student information, including social security numbers, names, attendance records and grades being compromised by the hacker. By Friday, 5,278 students received letters from Kelley School of Business Dean Daniel Smith stating that some of their personal information was on the computer. The social security numbers of 4,778 students were on the machine. All of the students affected had been enrolled in X100 Introduction to Business between 2001 and 2005.\nAnderson said there has been no reported misuse of personal information, but he does encourage students who received a letter from the dean to take a few precautions. For those students whose social security numbers were on the computer, it would be a good idea to get a credit report and look for unusual behavior, Anderson said.\n"I got my credit report yesterday to see how easy it was," Anderson said, "and I was amazed. After 30 seconds I had a report in front of me that was 28 pages long."\nAnderson said students should look at their accounts on the report and make sure new accounts they did not open are listed. \nSmith said he, Anderson, and the members of the Information Technology and Security Offices are working to make sure no more computers are hacked into.\n"We are completing an audit of all computers in the school to ensure that they are configured properly to automatically update anti-virus software and system patches," Smith said in an e-mail. "Additionally, faculty will be stringently reminded to store all institutional data on a secure network drive in the future."\nAnderson said he is available for students if they have questions about the hacking. He's received more than 40 phone calls already. He has also set up a Web site to help students with questions, www.kelley.iu.edu/security/X100.cfm.\nFor Donahue, all of his questions were answered when Anderson came to speak in his X100 class.\n"I'm still going to get a credit report," Donahue said. "I mean, it's not good that someone can put a trillion viruses on the computer"