Harvard server hacked, database of student data on BitTorrent
Harvard, the Ivy-league bastion of higher learning released a statement on Monday that its database of applicants to the Graduate School of Arts and Sciences from last year was compromised.
As many as 10,000 applicants could have had their information exposed, with at least 6,600 comprehensive profiles that include names, Social Security numbers, dates of birth, mailing and e-mail addresses, phone numbers, test scores, and school records.
A small number of student records even included details as specific as personal health issues and food allergies.
The statement said the extent of the hack was not fully revealed in the initial examination. However, the hackers made the degree of their compromise visible, by availing all the information on BitTorrent as a 125MB file containing a backup of the GSAS site, including the full directory structure and its three databases.
According to the host of the file, the hack was executed to show that the server's admin does not know how to secure a Web site.
That seems to be an echo of the 2004 case of two first-year students hacking into Oxford's computer system and publishing a front page story about it in the Oxford Student. While those students claimed to only have the security of the school in mind, the result was more a mockery of the school's inferior IT department.
The GSAS' administrative dean said the school is "truly sorry" for the incident and is notifying and apologizing to everyone in the database. The school will be paying for identity theft recovery services for all parties involved.