Data breaches continue to plague universities and now the FBI is joining in an investigation into the attack at Johns Hopkins University in Baltimore.
Names, email addresses and phone numbers of as many as 1,307 current and former students in the Department of Biomedical Engineering’s Design Team course ended up stolen from a web server, university officials said. They were posted online Thursday by a hacker claiming to be from the group Anonymous.
The hackers tried extorting the university out of server passwords Wednesday, officials said, but the university did not grant the request.
Officials said the breached server did not contain Social Security numbers, birth dates, credit card numbers or any financial data used for identity theft.
Officials said much of the stolen data was employee data that is publicly available from the department’s website. Officials said the students from the BME department that ended up affected were in the Design Team course from 2006 to this past fall.
University officials said the server from which the information ended up stolen primarily sees use to produce the BME department’s website. The breach occurred late last year but came to light when someone posted on Twitter in January the server was open to attack.
Officials said they identified the coding error that left a database on the server vulnerable and immediately fixed it, but by then, attackers already got the data.
The department, the Whiting School of Engineering and the university are also investigating the breach.
University officials said they are pursuing efforts to have the stolen information already posted removed from the websites where it appears.
In February, the University of Maryland was the victim of a sophisticated computer security attack that exposed records containing personal information, too. The breached database contained more than 309,000 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who gained a University ID since 1998.