Skip to Content, Navigation, or Footer.
Friday, March 29, 2024
The Observer

Authorities investigate ND breach

While the investigation into the Jan. 13 security breach of a Notre Dame Development Office server has not yet determined the source of the intrusion, no direct evidence of fraud has been reported to the University, a Notre Dame official said."Forensic experts are still assessing the server itself and criminal investigators continue to examine the incident to identify potential perpetrators," Vice President of Public Affairs and Communication Hilary Crnkovich said in a statement Thursday.The information at risk - belonging to a "minority" of alumni donors and friends of the University, Crnkovich said Jan. 22 - could include Social Security numbers, credit card information and check images from donations made between Nov. 22, 2005 and Jan. 12.Crnkovich declined to comment Jan. 22 on how many donors were potentially at risk.While the University received hundreds of phone calls on Jan. 23 - the first business day after the breach was reported - calls to the University's toll-free hotline had "virtually ceased" as of Thursday, Crnkovich said.Donors possibly affected by the breach were sent a letter Jan. 20 and an e-mail Jan. 21 from Vice President of University Relations Louis Nanni, who advised the group to take appropriate safeguards by visiting a newly-created support Web site and call the toll-free number established by the University.Gordon Wishon, chief information officer for the Office of Information Technologies, said Jan. 22 the University was working with two independent forensics firms to analyze the server but said the source of the intrusion might never be determined - especially if the hack originated overseas or if several relay sites were involved.The ongoing investigation also includes a broader examination of how the University safeguards all confidential information."The Data Oversight Committee, established over one year ago, is taking additional steps to secure University data," Crnkovich said. "This Committee continues to assess the current information technology infrastructure, business processes and acceptable use policies, and make recommendations and improvements for data protection while striking a balance for ease of use and sharing of information in the most optimal manner."