DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Security Breach Announced at Cornell

Posted on June 23, 2009 by Dissent

A stolen Cornell University computer has compromised the personal information of thousands of members of the University community. The computer contained the names and social security number of current and former students as well as current and former faculty and staff members.

An e-mail obtained by WVBR said that currently, no misuse of this sensitive information has been found. Also in the message, Cornell said that they have enlisted the help of Kroll Fraud Solutions to “provide fraud counseling and credit monitoring services at the university’s expense.”

The University plans to notify those affected through letters to be sent out today. A call center will also be established and a set of frequently asked questions will be issued to those people whose information has been affected.

Source: WBVR

SC Magazine reports that the breach affected 45,277.

There is no information on Cornell’s site at the time of this posting, but the university press office confirmed that a computer had been stolen and that the university is investigating. A spokesperson said that he was aware of the email circulating that included a reference to 45, 277 affected, but that he would not comment on it, saying only that the university will be posting something to their web site when they have more information.

Update: an FAQ is now available on Cornell’s site. Some of the facts:

In June, 2009, a Cornell-owned computer that contained a large amount of administrative data was stolen. Our review of a current backup of the files on the system revealed that confidential personal data for about 45,000 current and former staff and students, and some dependents, had been present.

A member of the Cornell technical staff, who is responsible for supporting our central administrative systems, was using these files to correct transmission errors found in the processing of the files. The data was being used for troubleshooting. Cornell’s information security policies and guidelines do not allow unencrypted confidential personal data to be stored on any computer device that is not in a physically secured location. This employee’s actions, although unintentional, violated our policy and practices.

Related posts:

  • Will Beacon Health Solutions’ incident prompt OCR to start enforcing notification “without undue delay?”
  • HHS Settles Charges Against Cornell Prescription Pharmacy Over Disposal of Records
  • 100+ Education hacked, thousands of accounts leaked by @TeamGhostShell
  • ProjectWestWind: TeamGhostShell hacks and dumps 120,000 records from 100 U.S. and non-U.S. universities (updated)
Category: Breach IncidentsEducation SectorTheftU.S.

Post navigation

← TJX Settles with 41 States
Prescription drug fight goes before appeals court →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.