BU reports data breach of 400 ROTC members
The Social Security numbers and other personal information of thousands of ROTC members, including more than 400 from Boston University, have been in jeopardy for nearly one year after it was discovered that someone affiliated with ROTC at BU had installed a file transfer program onto a military server without permission, university administrators said.
The security breach was found at random by an Alfred Mann Foundation network administrator in California. Andrew B. Binder, from Alfred Mann and a US Navy Reservist, said he came upon the personal information of thousands of Reserve Officers’ Training Corps members across the country while searching online for software to help connect to a military website, BU officials said in a statement Thursday.
Binder called BU on July 28 to warn administrators of the vulnerability, and BU has since worked with the US Army Cadet Command to contact the 406 ROTC members from BU whose personal information was put at risk, university spokesman Colin Riley said.
BU officials said 6,675 ROTC members were affected nationwide.
The university has moved quickly to help its students avoid identity theft, Douglas Sears, director of military education at BU, said in a statement Thursday.
“Obviously we are distressed that personal information may have been compromised because of an error within our unit,’’ he said.
No BU members have reported any incidents of identity theft, he said.
The incident occurred last September when a Boston University ROTC member installed a file transfer program, without permission, onto an ROTC server, administrators said.
BU notified Massachusetts Attorney General Martha Coakley of the security breach and hired a security company to investigate the situation and make recommendations on how to prevent such breaches in future, Tracy Schroeder, BU vice president for information systems and technology, said in a prepared statement.
