Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

FBI, Princeton to investigate breach of Yale admissions Web site

Todd Weiss   Today’s Top Stories    or  Other Security Stories  
 

Sign up to receive Security Resource Alerts

July 26, 2002 (Computerworld) -- The FBI and Princeton University have opened investigations involving a Princeton admission official who improperly logged into a Web site for students applying to rival Yale University.
In a statement today, Princeton officials acknowledged the incident, which occurred in April, when at least one admissions department worker "used the Social Security numbers of a number of Princeton applicants to access a secure Web site by which Yale informed its applicants of its admission decisions."
Princeton officials said they notified Yale officials of the incident at a May meeting of Ivy League admission officers. Yesterday, according to Princeton, Yale reported the incident to federal and state law enforcement officials.
Lisa Bull, spokeswoman for the FBI field office in New Haven, Conn., confirmed that the office has opened an investigation but refused further comment.
A spokesman for Yale in New Haven couldn't be reached for comment. Officials at Princeton, N.J.-based Princeton University said they wouldn't comment beyond their written statement.
The Princeton official has been identified as Stephen LeMenager, an associate dean of admissions, who acknowledged that he improperly accessed the Yale Web site, according to Marilyn Marks, a school spokeswoman. LeMenager, who began at Princeton as an admissions officer in 1983 and is second in command at the admissions office, couldn't be reached by telephone today. He was placed on administrative leave while the investigations continue.
Security and privacy experts said the incident provides lessons for both sides, as well as for all Web users. Most important, they said, was that both universities apparently should share the blame for this incident.
Eric Hemmendinger, an analyst at Boston-based Aberdeen Group Inc., said Yale was foolish for using easily obtained name and Social Security information to allow access to its admission status Web site. "This wasn't a question of if someone was going to do this, but when," Hemmendinger said. "It's not appropriate, but it was foreseeable."
The Rev. William Grogan, an ethicist and attorney at Loyola University in Chicago, said the combination of lax security by Yale and the "predatory ethics" at Princeton led to the incident. Many universities have unfortunately adopted the business maxim of "do whatever it takes to reach your goal," he said, even if it harms others. "That appears to be adopted in this academic culture," Grogan said.
Marc Rotenberg, executive director at the Washington-based Electronic Privacy Information Center, a privacy advocacy group, said the incident provides a stark reminder to always look at the potential downside of personal information that is posted online. "What the Princeton official did was probably wrong" and could even be illegal, Rotenberg said. "The Yale mistake was putting sensitive information online with weak access controls."
Jose Granado, a security specialist at New York-based accounting firm Ernst & Young LLP, said more accountability is needed before personal data is posted on the Internet. "These kinds of things are going to continue to happen in the future because of the amount of information online these days," said Granado, director of Ernst & Young's advanced security center in Houston.
Princeton hired Newark, N.J., attorney William Maderer to conduct an independent investigation. The university said that it "deeply regrets the improper acts that have taken place" and that it has pledged to cooperate with authorities investigating the incident. Computers and other equipment will be scoured as investigators work to determine who was involved and why the activity was undertaken.
The Web site activity by Princeton admission staff members was first reported yesterday by the Yale Daily News, Yale's undergraduate campus newspaper.









Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"A couple of weeks ago at..." Read more...
"Most security companies tend to take a horizontal approach looking to capitalize on the finance, service provider, and federal government..." Read more...
Read more Security posts or See all Blogs

Elgan: You can be Batman, too
Study: IT jobs will drop in 2009
RIM fixes critical BlackBerry Enterprise Server bug
More top stories...
Apple's recall demand would probably kill Psystar, says IP attorney
DNS flaw discoverer says more permanent fixes will be needed
AT&T muffs free iPhone Wi-Fi offer again

11 cool new apps for the iPhone
With the opening of Apple's App Store, the iPhone takes a revolutionary leap from cool mobile phone to hot mobile platform. See our list of apps you should definitely check out for yourself.
Google is doing WHAT?
Its motto is "Don't be evil" — but it looks like anything and everything else imaginable is pretty much fair game — not to mention some wildly rumored projects that we asked the company to confirm or deny.
The new face of R&D: What's cooking at IBM, HP and Microsoft
The talk at three big research houses is all about "open innovation." Is that a feel-good catchphrase or the R&D strategy of the future?
Review: The iPhone 3G was worth the wait
After months of waiting for a 3G-based iPhone — and hours waiting in line to actually buy one — Ryan Faas says it "packs quite a punch, both in its design and in the 3G and GPS capabilities" it offers.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
Data Center Management Zone
Enterprise-Class Security Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
Business Intelligence and Analytics Zone


Ads by TechWords

See your link here
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Eliminate SPAM, Gain Productivity
Get this white paper now!
(Source: MessageLabs) Learn all about the dangers and the costs of spam in all its forms - from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses - and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
New Fujitsu High-End Itanium Windows- and Linux-Based PRIMEQUEST Servers Offer the Utmost in High Availability
New Fujitsu High-End Itanium-Based PRIMEQUEST Servers Offer Industry-Leading System Management for Linux and Windows
Web Security SaaS: The Next Generation of Web Security
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.