The Ohio State University said that in late October it discovered that unauthorized individuals had logged into the server with names, Social Security numbers, dates of birth, and addresses of 760,000 students, faculty, staff, consultants, and contractors.
After a month-long investigation by computer forensic consultants, Ohio State concluded that there was no evidence that any data were taken from the server. The consultants did find evidence that the unauthorized access was used to launch cyber attacks. Despite this conclusion, the university is offering 12 months of free credit protection to the affected individuals.
The Columbus Dispatch said that Ohio State expects to spend $4 million for the forensic investigation and the credit-protection services. The newspaper said that Ohio State hired forensic computer consultants Interhack and Stroz Freidberg to conduct the investigation. The Dispatch believes this to be one of the largest and most costly data breaches at a university in the US.
“We are committed to maintaining the privacy of sensitive information and continually work to enhance our systems and practices to reduce the likelihood of such events occurring”, said Ohio State provost Joseph Alutto.
The newspaper said that Ohio State would continue to work with the forensic consultants to strengthen its systems against further attacks and that the FBI had been notified about the breach.