By Marlon A. Walker
Dec 04, 2007
DURHAM - The Social Security numbers of about 1,400 prospective Duke Law
School students may have been accessed by a hacker to the schools Web
site, officials said Tuesday.
An editor working on the site Thursday afternoon found several links
that were not authorized, Duke Law School spokeswoman Melinda Vaughn
said Tuesday evening. She said the site was immediately taken offline
and an investigation into how the links were put on the site commenced.
Vaughn said two databases one for students who have requested
information on the law school and one for students who have already
submitted applications were available for viewing by hackers. The
database for interested students included the social security numbers of
about 1,400 students. The issues for applicants were e-mail addresses
and user-generated passwords used to check their application status to
the law school. About 1,800 people were registered on the second
database, she said.
We were concerned that some of those people might have used the same
passwords that they used on other sites, Vaughn said.
In an e-mail to the affected students, associate dean of admissions
William J. Hoye alluded to the fact that the information may not have
"We have no evidence that the intruders actually downloaded or acquired
any of this information," Hoye said in the e-mail, sent Tuesday.
"Nonetheless, we know they had the opportunity and the tools to do so."
The school is telling those affected to monitor their credit as a
precaution. A phone number and e-mail address have also been set up for
anyone to get answers to any questions regarding the breach.
Vaughn said personal information of two current students was possibly
compromised in the site breach. Those two, she said, were among the
prospective students who had generated passwords to check their
Tuesday evening, a note on the Duke Law School Web site said some of its
content continued to be unavailable for access. Vaughn said she expected
the site to be back online as soon as Tuesday night.
Were certainly continuing the investigation, she said. We still dont
know what happened and who did it.
Visit InfoSec News