International SOS, a global medical and security services company that is a primary resource for Dartmouth students traveling abroad, reported in September that its U.S.-based servers were hacked in late August. The cyber attack breached the company's emergency records, which contained clients' names, addresses, emails and passport information.
In an email sent on Oct. 18, Risk and Internal Controls Services director Catherine Lark told Dartmouth students studying abroad that information in the ISOS database may have been viewed during the attack.
ISOS marketing communications director Erin Giordano said in an email that approximately 4 percent of its clients were affected by the incident. All financial data was encrypted and not exposed, and there is no evidence that any of the hacked data has been misused.
Students generally concluded that the attack did not affect them.
"Personally, I don't really care at all because I didn't end up loading any of my personal information into ISOS," said Robert Meyer '15, who is on the government foreign study program in London. "I haven't provided them with my social security number or anything."
Other Dartmouth students abroad who decided to not enroll said they did not receive any emails.
The College has worked with ISOS for over 10 years to provide emergency services to students and employees abroad. Its services include travel, medical and security advice support, including medical referrals, legal aid and evacuations. ISOS assistance centers draw on a support system of over 76,000 network providers to ensure competent local support.
"The idea is that if you have troubles, if you're not feeling well, if you need a doctor, you can call ISOS and it can tell you that the best hospital is the one five miles down the street, not the one down the corner," Lark said. "If there was political unrest and we needed evacuation services, we would look to International SOS to get you out."
Students who study abroad are recommended but not required to use ISOS and most use the service to seek medical treatment.
Meyer said he was impressed by the quality of ISOS service.
"I needed to see an emergency dentist, I had an infection." Meyer said. "I just called them up, and I got an appointment that day to see the dentist."
Dartmouth students affected by the security breach are expected to receive an email update later this week.
"We want to make sure those that had info out there that was breached actually read the letter that came from ISOS," Lark said. "We went ahead and sent out the memo to ensure that when they see the email from ISOS they don't think it's nothing and delete it."
The email sent from Risk and Internal Controls Services does not provide significant detail beyond the ISOS reports because the cyber attack was not directly related to Dartmouth.
ISOS will continue to invest in resources to help protect customer information, and the necessary technologies and processes are constantly evolving to meet the abilities of increasingly sophisticated hackers, Giordano said.
ISOS partnered with global identity theft protection service provider CSID to follow up with people enrolled in the program and will offer affected students one year of identity theft coverage for free.
Giordano said in an email that investigations will continue.
"We alerted the appropriate law enforcement agencies and are working in full cooperation with their current investigations," Giordano said.
