Sacred Heart is latest university to be hacked

TV station says personal data of 135,000 was possibly exposed, including people who were never associated with the school.

Greg Sandoval Former Staff writer
Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
Greg Sandoval
2 min read
Sacred Heart University is the latest school to be victimized by hackers, according to a message posted on the school's Web site.

The Fairfield, Conn.-based university said in the posting that it discovered the intrusion on May 8 and notified police and the FBI, which have launched investigations. Sacred Heart offered no details on when the hackers may have entered the system or the kind of information that may have been exposed.

School officials could not be reached for immediate comment. But television news channel WTNH reported Thursday that the school has notified about 135,000 people that their personal information, including Social Security numbers, may have been compromised. Some of the people notified, according to WTNH's report, have never been associated with Sacred Heart.

The news channel quoted an unnamed source who said that the school told him that his name, address and Social Security number were obtained by the university from information he provided when he took his college entrance exams eight years ago. The report didn't say why Sacred Heart would collect the data, but schools often gather such information for recruiting purposes.

Universities are easy pickings for data thieves, or so it seems to critics. Dozens of schools from across the country have suffered electronic intrusions during the past two years, and some security experts have questioned whether schools are committed enough to safeguarding sensitive data entrusted to them.

Avivah Litan, a security analyst with research firm Gartner, has said the nation's universities don't take the issue of security serious enough and "don't want to spend money" on taking necessary precautions.

Litan made the statements last week after learning that hackers had control of a computer server at Ohio University for more than a year. The university said earlier this month that two other servers were broken into and that about 200,000 Social Security numbers were exposed as well as some student health records.