Choose the topics of most interest to you to follow under "My Headlines".
Duke Law School Website Illegally Accessed
Durham, NC - Duke Law School has sent alerts to about 1,400 people whose Social Security numbers were stored on a school website that was illegally accessed.
School officials said they were contacting the affected people as a precaution and did not know whether the electronic intruders actually gained access to the information. The site stored data from prospective applicants who requested information from the school's admissions office. About 1,400 of those requesting information provided Social Security numbers.
The intrusion was discovered last Thursday by school officials, who quickly took the site offline as a precautionary measure, said William J. Hoye, the law school's associate dean of admissions. During their ensuing security evaluations of the website and server over the next several days, Duke computer experts found the database containing the Social Security numbers and determined that it was exposed during the attack.
"We have no evidence that the intruders actually downloaded or acquired any of this information," Hoye said in an email sent to the prospective applicants Tuesday. "Nonetheless, we know they had the opportunity and the tools to do so."
The law school urged those whose Social Security numbers may have been at risk to take steps to monitor their credit and protect against identity theft. The email provided information for accessing credit reports and activating fraud alerts, as well as contact information for school officials who could respond to questions from affected individuals.
The school's investigation also revealed a second database for current applicants that could have been accessed. The information contained in that database included home addresses, phone numbers, email addresses and passwords the applicants created to view their application status. It did not contain Social Security numbers. The 1,900 applicants in this group also were notified by email Tuesday of the security breach and advised to change passwords used elsewhere if the password was the same as the one they used on the Duke Law site.
"The security and safety of our community is of utmost importance to us, and Duke University works hard to protect the personal information of prospective students and other community members," the email continued. "We are taking all possible steps to address this breach and prevent it from happening again. We also have notified law enforcement agencies and will notify any relevant government agencies about Duke's response."
In its email to applicants, the law school said it is restructuring its application status tracking page to eliminate the need for passwords. The database containing Social Security information will not be reinstated.
School officials also said other databases at the law school, including those containing the email addresses or personal information of current students, employees and alumni, were unaffected by the incident.
© 2013 Office of News & Communications
615 Chapel Drive, Box 90563, Durham, NC 27708-0563
(919) 684-2823; After-hours phone (for reporters on deadline): (919) 812-6603