Confidential information, including students' names, social security numbers and birthdays, is no longer secure within the College's databases, as an unauthorized user gained access to eight computer servers in the Berry Machine Room and uploaded an unauthorized program late Wednesday night.
Associate Provost for Information Technology Larry Levine alerted the entire College community of the intrusion and the potential information leak in a BlitzMail message sent on Friday evening.
With access to people's names, social security numbers and birthdays, the hackers could obtain a credit card in someone's name, access financial information or create a false identity.
Levine encouraged the recipients of his e-mail to take appropriate action to protect themselves from identity fraud and to contact computing services or human resources to discuss the matter in depth.
While Levine told The Dartmouth that many recipients responded to his e-mail, to the best of his knowledge, "no one has discovered any questionable activity."
Levine reported the hacking to the Federal Bureau of Investigation, but he said that the FBI receives many reports related to these types of hackings and that he is doubtful that anything will come of his report.
"The odds are very low," Levine said of apprehending the hackers. "This kind of intrusion usually involves the person doing things that would cover their tracks."
Levine identified the risk of identity fraud as the main issue to arise from the hacking.
"I think the risk is low, but I definitely can't say that the risk is zero, so that's why I notified the campus," Levine said.
In his e-mail, Levine reassured the Dartmouth community that the hackers involved in these types intrusions typically want "to gain temporary access to space on a server on the Internet so as to provide illegal access to music and movies, or to launch denial-of-service attacks" and not because they want to gain access to personal information.
One of the eight computer servers contained sensitive personnel information, including data concerning College employee benefits, retired employees pension plans and named dependents. Another server contained student and staff immunization records and College sponsored research grant data.
Although all of this material may have been copied, Levine reported that there is no evidence that suggests that the hackers duplicated personnel records.
The hackers did not physically infiltrate the Berry Machine Room, which is located on the lower level of Berry Library, as the intrusion was completely electronic.