College Investigates Database Server Breach | Teachers College Columbia University

Skip to content Skip to main navigation

College Investigates Database Server Breach

Early on the morning of May 20th, a hacker or hackers illegally entered a Teachers College computer system. The server that was breached contained personal information of approximately 975 international students and visiting scholars.

Early on the morning of May 20th, a hacker or hackers illegally entered a Teachers College computer system. The server that was breached contained personal information of approximately 975 international students and visiting scholars, generally including name, address, date of birth, immigration status and, in many instances, a social security number. In a very small number of cases, visa and passport numbers were exposed. The database did not include any bank account, credit card or driver's license numbers.

The College discovered the illegal entry the day after the intrusion.

"Upon discovering the breach, we promptly disabled access to the server, reported the illegal entry to law enforcement authorities and the Department of Homeland Security with whom we are cooperating, and launched an internal investigation to determine where greater security measures might be  needed," said Vice President and Dean of Academic Affairs Darlyne Bailey. "Our database has since been rebuilt on a new computer which has been made more secure, and the College's ability to comply with the Student Exchange and Visitor Information System [SEVIS] has remained unimpaired."

"At this time, we do not know the identity of the illegal intruder or whether any personal information was actually accessed or copied. It appears that, as with many similar incidents that have occurred at other colleges and universities, the intruder attempted to use our computer to launch attacks on other machines on the Internet. However, we notified each of the individuals whose information resided on the breached server so that they could take steps to protect themselves against the possibility of identity theft.

"We regret that this crime occurred, and we are working on an ongoing basis to increase our network security," Dean Bailey said.  

Members of the TC community who do not receive a letter by June 10th  about the incident (allow additional days for overseas delivery) most likely did not have records on the breached server. However it is possible that in a few instances, the College did not have the most up-to-date contact information. To update contact information with the College, TC community members are advised to contact the Office of the Registrar.

Information about identity theft is also available on the website of the Federal Trade Commission at www.consumer.gov/idtheft/, or via the FTC at 877.438.4338. For further assistance and information, please also see "frequently asked questions" at www.tc.edu/infosecurityfaq, or call the Office of International Services (212 678-3939) during business hours.

Published Monday, Jun. 6, 2005

Share

More Stories