-[[link|url=http://wvbr.com/news/663]]Students React to Security Breach[[end-link]]
-[[link|url=http://wvbr.com/news/662]]Text of the E-Mail[[end-link]]
The affected people totaled 22,546 current and former students and 22,731 current and former faculty and staff, amounting to 45,277 people in the Cornell community.
The breach appears to have affected recent graduates, as well as students enrolled during the 2008-2009 school year. There have been no reports of students entering in the 2009-2010 school year who have been affected.
Cornell to Offer Fraud Assistance
An internal memo sent Friday from University Auditor Mike Dickinson was obtained by WVBR. The message said that currently, no misuse of this sensitive information has been found. Also in the message, Cornell said that they have enlisted the help of Kroll Fraud Solutions to "provide fraud counseling and credit monitoring services at the university's expense."
The social security numbers and names on the computer are not believed to be encrypted, meaning that anyone can access the data by simply opening a file.
WVBR spoke early on Tuesday afternoon with University spokesman Simeon Moss who confirmed that a security breach had occurred and that an internal investigation is now underway. Moss declined to comment further. Law enforcement officials have been notified and further investigation is pending.
University to Contact Affected Individuals
Shortly after WVBR broke the story on Tuesday, the University notified all students and staff affected by the breach via e-mail late in the afternoon. The e-mail contained preliminary information about the breach and came in advance of formal notifications via U.S. mail. Click [[link|url=http://wvbr.com/news/662]]here[[end-link]] to read the text of the e-mail sent to affected members of the Cornell community.
The official letter will contain a full description of the services the University is offering at its expense.
A call center will also be established and a set of frequently asked questions, accessible at [[link|url=http://faq-june2009.cuinfo.cornell.edu/]]http://faq-june2009.cuinfo.cornell.edu/[[end-link]] has been issued to those people whose information has been affected.
Computer Stolen Earlier in June
The computer itself was stolen earlier this month, though University officials only became aware of the security issues late last week. The computer had been issued to a member of the Cornell technical staff, who was correcting transmission errors found in the processing of files. The data was being used for troubleshooting, and under information security policy, should have been in a physically secure location. University officials have stated that the employee's actions violated this policy.
The University has not yet stated from where the laptop was stolen. However, Cornell and Ithaca police logs indicate two thefts of computers this month. One investigation, on the Cornell campus, is closed. Another, describing the theft of a laptop and a backpack from a vehicle on Seneca street, remains pending. The Ithaca Police Department would not confirm whether that investigation is related to the security breach.
Stay tuned to WVBR for continuing coverage and keep your browser on WVBR.com for updates. WVBR will also have exclusive interviews with Cornell officials as the story develops.
A stolen Cornell University computer has compromised the personal information of thousands of members of the University community. The computer contains the names and social security numbers of current and former students as well as current and former faculty and staff members.