Ohio University Data Theft Case

In April 2006, Ohio University in Athens, Ohio, announced that computer records from the institution's training center for fledgling businesses had been stolen. Eventually, the university announced that five separate break-ins had occurred within various departments and offices. The social security numbers, names, medical records, and home addresses of thousands of students, faculty members, staff members, contractors, alumni, and guests at Ohio University were compromised when approximately 367,000 different computer files were accessed by unauthorized persons.

In July 2006, Moran Technology Consulting completed an audit of Ohio University's computer security performance. The company charged the university's Computer and Network Services Office with making cyber security a low priority, despite this office having had an average annual budget of eleven million dollars. For the past several years, this department had also received a 1.4 million dollar surplus.

In response to the audit, Ohio University officials approved spending four million dollars to improve computer security. The institution also suspended and eventually terminated the director of the Computer Services Department and the manager of the Internet and Systems Office. The head of technology at Ohio University also resigned from his position, but Ohio University continued to employ him in another capacity.

In July 2006, Moran Technology Consulting also revealed that this business had destroyed some of the evidence that auditors had collected for the report to Ohio University. Most of the destroyed evidence included notes that the auditors had taken while conducting the investigation. This company, because it was doing contract work for a public institution, Ohio University, was required to maintain all records amassed during the audit. Moran Technology Consulting eventually recreated most if not all of the notes from various computer files.

See Also