Credit Card Fraud and Identity Theft Concerns

STATEMENT FROM GEORGIA TECH ON A RECENT COMPUTER INTRUSION

In the early morning hours of Sunday, March 9, computers hackers circumvented Georgia Tech server security and gained illegal access to a server in our business office. Our investigation reveals that the system was used as an illegal FTP site and appears to have been used to distribute large digital files (e.g. movies, music, etc.). The intrusion was potentially serious and resulted in the downloading of some 350 gigabytes of data from that server. This illegal entry also gave the intruder the opportunity to view files that were resident on the server. Files housed on this system date from as far back as July 1, 2000, and may include:

-- • Travel and reimbursement vouchers for employees,
-- • which may contain credit card, social security numbers,
-- • and signatures;
-- • Images of receipts and invoices related to the above;
-- • Personal contact information;
-- • IDs and passwords for access into our P-Card
-- • (on-campus credit card purchase system)
-- • Files available in the P-Card system include:
-- • Account numbers and expiration dates
-- • Employee ID numbers
-- • Employee address and phone numbers
-- • All transaction information for roughly the last two years.

While nothing may come of this, there are potentially serious ramifications. The Institute has already taken steps to limit access to this information. Our foremost concern, however, is for the integrity of any personal information that may have been accessed. Any employees who have submitted travel or reimbursement vouchers since July 1, 2000, and who did not follow Institute guidelines on blacking out personal credit card information, could be at risk. A spot check of information in the system found some credit card numbers, Social Security numbers, personal contact information, and drivers license numbers from supporting documentation to Travel Expense Statements. That risk to those whose information may have been in the system includes identity theft and/or unauthorized credit card usage.

We are in the process of trying to further pinpoint who may have been impacted and will be providing information to unit business offices over the course of the next few days. Initial estimates are that fewer than 1,000 faculty and staff could have had information in the compromised system. In the meantime, however, there are a number of things that anyone who may be in this situation should do to prevent or mitigate any problems.

1. Contact the credit reporting agencies and tell them that your personal information may have been compromised and request a credit report. The three agencies are listed below. Please know that there is no need to pay anyone to obtain this information, unless you want to receive it in an expedited fashion. This is a free service.
-- • Equifax - (800) 525-6285
-- • Experian - (888) 397-3742
-- • TransUnion - (800) 680-7289

2. Contact your credit card companies and inform them that your credit card number may be compromised. The phone number for your company should be on the back of each credit card. If not, contact the financial institution through which you received the card.

You should also continue to check this site, which has been established specifically for this issue. Here you will find information and links to other sites that may be helpful.

The Institute recognizes that those potentially impacted may need time and resources to investigate credit history, cancel credit cards, or take other precautionary steps. As such, supervisors are encouraged to allow anyone who may be impacted to use Georgia Tech phones and computers, and use time at work to take whatever steps are necessary to protect themselves from potential fraud.

From an Institute perspective, there are a number of steps already being taken to limit exposure.

We have been in touch with the appropriate state and federal authorities to assist us in the investigation of this crime.

We are working with Bank of America on the P-Card issue and they have been very helpful in the process. Effective immediately, all of the some 1,000 P-Cards are cancelled and a process is in place to replace them all. It appears that no unusual activity has occurred with any of the P-Card information. Procurement Services will contact P-Card coordinators and holders within a week to pick up new cards. In the meantime, if your department has to make a small dollar purchase, you may use departmental purchase orders. We apologize for the inconvenience, but this is the most effective solution to the intrusion problem.

We will also be directly contacting any vendors which may have been in the compromised system and alert them to the intrusion.

We have altered access to the system in question and will now have very tight access controls on those and other servers. Some of that access control may result in changes to who and how information is accessed. Those impacted by these changes will receive specific information on that.

We will be providing unit heads with a listing of personnel who have received reimbursements documented in the compromised server. Unit business personnel are encouraged to assist staff in any desired review of past Travel Expense Statement supporting documentation. Procurement Services and Accounts Payable staff can assist in document retrieval if unit records are not available.

Network attacks are sadly commonplace phenomena on university campuses, in corporate headquarters, at government institutions, and on personal computers. As written about in todays Chronicle of Higher Education, the trends toward network attacks are decidedly on the rise. Universities are particularly targeted due to our open society culture.

We hope to provide as much information as possible to prevent or minimize any problems to individuals or the Institute. For this purpose, OIT has established this Web site (http://www.fraud_concern.gatech.edu). Please take the time to review the information here and avail yourself of it, if you think that you may have had personal information in the system. We will continue to try and keep you abreast of any developments with this issue and will post all mass communication to this site as well, for future reference.

We hope that no problems arise as a result of this criminal intrusion into our business systems. We also hope that by letting everyone know of the potential for problems as soon as reasonably possible, that we can prevent anything from arising.

We dont know all of the answers at this point, but are working hard to find them. If you need additional information, you may contact an e-mail established specifically for this effort at fraud@gatech.edu. You may also contact Judy Whitfield in Procurement Services at 404.894.9054. Please understand, however, that there may be problems getting through to that number immediately.

We will continue to provide you with information as it develops and we appreciate your understanding and patience as we navigate through these uncharted waters.