JCC systems were compromised when someone hacked into a computer with significant administrative rights within the Information Technology office from an external source. The hacker may have downloaded encrypted passwords for 8,000 JCC employees and students, many that were individuals' Social Security numbers, which could allow for possible identity theft.
The College has long used Social Security numbers as default passwords in setting up e-mail and computer accounts. Though people are encouraged to change their passwords, many continue to use their Social Security numbers, according to Jim Jones, director of information technology services for JCC.
"We don't think that Social Security numbers have been compromised, but we don't know for sure. We want to err on the side of caution," Jones said. "We don't have any way of knowing what they have been able to do."
JCC officials notified the campus Thursday and expedited improved security measures that were planned for the summer. In the near future, probably early next week, the College will begin enforcing a more stringent password policy requiring the combination of lower- and upper-case letters, numbers and punctuation marks, which are much more difficult to decrypt because of the almost endless number of possibilities. A majority of students and many faculty are not on campus regularly now because it is the College's Spring/Summer semester. Information Technology will be sending letters in the mail on Monday to all students and employees notifying them of the new passwords and best practices for minimizing identity theft.
Employees were notified of the security breach and given information about how to protect themselves from possible identity theft. The Federal Trade Commission has an identity theft Web page that includes precautions an individual may take to protect their identity information. Through the Web site, individuals may contact one of the three major credit bureaus and put a fraud alert on their credit file.
Information Technology continues to investigate the incident, and will keep the College and community updated on any further developments. "We apologize for any inconvenience, and we are doing everything to determine the extent of the existing problem and ensure that future problems do not occur," Jones said.
