The student, whose identity is protected under student privacy laws, admitted to the dean of student development that he had gathered the information by exploiting a security hole in Microsoft Windows on several public computers on campus, but denied having divulged the information externally in any way. An investigation by the Boston College Police Department confirmed that the information was not misused externally.
Upon learning of the breach, Executive Vice President Patrick J. Keating organized a task force of staff from Information Technology, Human Resources, Student Services, Student Affairs, BCPD and Public Affairs, along with a consultant from the Massachusetts State Police, to address the issue.
After identifying the individuals affected, Keating sent a series of e-mails and letters to inform them of the breach and the precautionary steps needed to ensure their privacy. These included changing PINs in the Student Learning and Support Center, for those individuals whose PINs were captured, and contacting credit-reporting agencies, for those whose Social Security numbers were obtained.
Keating then issued a follow-up e-mail to the University community to inform them of the incident and the steps BC had taken to resolve it.
This week, Director of Public Affairs Jack Dunn confirmed that the case had been referred to the Massachusetts Attorney General's Office, which will consider prosecution. "We are relieved that the information gathered was not misused externally and that the individual in question is cooperating with BC and State Police," said Dunn.
Keating suggested that any faculty and staff with questions on this issue should contact the Office of Human Resources at ext.2-3330. Students should contact Student Services at ext.2-8900.
-Compiled by Office of Public Affairs staff
Return to October 31 menu
to Chronicle home page