Washington Evening Journal
http://washington-ia.villagesoup.com/p/986654

Neighbors Growing Together | Sep 30, 2014

Kirkwood hacked

Students concerned about information security
By David Hotle | Apr 09, 2013
Washington High School students Kaytlyn Christner and Bridget Nebel, work at their computers during a business class Tuesday morning. Both have taken Kirkwood college-level courses through the Washington School District. Recently, the registration database at the community college was hacked.

A recent security breech at Kirkwood Community College is leaving many Washington County students concerned for the safety of their personal information.
Washington High School students Kaytlyn Christner, daughter of Tracy Christner and Rodney Christner, and Bridget Nebel, daughter of Jim and Mary Nebel, have both either taken Kirkwood College courses or are currently taking them. In their first period business class, they both expressed concern for the situation. Nebel said that she had received a letter from Kirkwood saying that her personal account may have been one of the accounts breeched.
“It’s not only your Social Security number, but it can affect your credit ratings,” she said.
Nebel, a senior, said that she has taken many business courses through Kirkwood. She said that she signed up for the courses through the high school to earn credits and save money before she goes to college. She said she had seen a news report concerning the theft yesterday and found the letter to her when she got home.
The letter, which Kirkwood sent out Friday, informs people who applied to be students of the possible breech. Dr. Kristie Fisher, vice president of student services at Kirkwood, said that on March 13, college personnel discovered some unusual activity on the school’s Web site. The Kirkwood employees immediately took the site down as a precaution. On further investigation, it was determined that the school’s student application database had been accessed and Kirkwood personnel had caught the breech as it was happening. Fisher said that there is no evidence one way or the other that any information was downloaded. She said there are about 125,000 applications in the database for potential students from February 2005 through March 13.  
Christner said that she has taken several computer science courses through Kirkwood. She hasn’t received a letter, but said that she believes she may get one soon.
“I think that is a big deal,” she said. “How many students take college classes and give their Social Security numbers. Now, you don’t know who has it and you don’t know if you are safe.”
Both students say that they plan to keep an eye on their credit scores, in case someone tries to use the information from Kirkwood’s site.
“It is scary thinking that information is out there,” Nebel said. “You are thinking that the computer system at a college is supposed to be secure, but obviously someone found a way to get around it.”
Fisher said the college’s Web site was put back up later that day, but the application database was kept down until April 4. She said the college had worked with a security firm to harden security around the system. The school has also contacted the Federal Bureau of Investigation (FBI) about the matter. The FBI has learned that the hacker was using an international IP address.
She said in a worst-case scenario, the information could be used for identity theft. She said credit cards or loans could be taken out in a student’s name.
Sgt. Shawn Ellingson of the Washington Police Department is a regular speaker on the topic of Internet safety. He said in cases where people feel their personal information may have been stolen, the best step to take is to check credit scores with the three major credit bureaus. He said the service is free on a yearly basis.
“If something is going on, you can get control of it pretty quickly,” he said.  
Ellingson said the credit bureaus are Equifax, Transunion and Experian.
Fisher said the college is offering identity theft security for impacted students for one year. She said more information is available on the college’s site. She also said a phone number was provided to students who received the letters. Students who have not received a letter and are concerned they may be impacted can call the Kirkwood switchboard at 800-332-2055 to get more information. She said the security firm working with the college would help the students.
All Washington County school districts regularly work with Kirkwood and offer college-level courses to high school students.
Washington Schools Superintendent Mike Jorgensen said today he is confident that Kirkwood is taking all the necessary steps to ensure the safety of the accounts that were hacked. He cited a personal experience dealing with his credit card account that was hacked. He said once the hack was identified, the credit card company took the necessary steps to ensure the security of his identity.
“I would hate to be the one to cast the first stone, because it could happen here,” Jorgensen said. “We take every precaution to ensure the safety of our information, but as sophisticated as hackers are getting, it could happen.”
As a school district administrator, he said that the threat of someone accessing student information always hangs over his head. He said that the Washington system has multiple security procedures, but he said he always has the concern that it will not be enough.
Highland Schools Superintendent Chris Armstrong said he isn’t aware of any Highland students who had received letters indicating they may be affected by the security breech. He said that he has spoken with the high school principal and guidance counselor to ensure if any students are impacted, the proper information can be given to them. He said that Kirkwood is taking a proactive approach to the incident and is confident the college will provide identity theft protection for students who may have had their information stolen.
“Kirkwood is an excellent partner,” Armstrong said. “It is unfortunate any time a breech in security like this occurs.”
Mid-Prairie and Keota superintendent Mark Schneider was unavailable for comment.

Comments (0)
If you wish to comment, please login.