Princeton admissions hacking incident resolved

Yale will take no further action in response to Princeton’s unauthorized access of Yale online admissions decisions, Yale President Richard Levin said Tuesday.

Yale admissions officers learned about the security breach May 15 when Stephen LeMenager, Princeton’s director of admissions, mentioned his entry into the Web site during a conference for admissions officers. Yale filed a complaint with the FBI on July 25, the same day the Yale Daily News published an online story about the incident.

Princeton President Shirley M. Tilghman later issued an apology to the Yale admissions office and to the eight applicants whose admissions decisions were accessed by the Princeton staff. After a Princeton investigation confirmed that LeMenager and other admissions officers had repeatedly logged on to the Yale site using Social Security numbers, LeMenager was removed from his post in the admissions office and reassigned to Princeton’s Office of Communications.

“Students who apply to Princeton, or to any other university, have every right to expect that information they provide in good faith will be used only for the purposes for which they provided it, and that their privacy and confidentiality will be respected,” Tilghman said in a statement. “We clearly did not meet these expectations in this case.”

Levin said that as far as Yale is concerned, the incident has been resolved.

“President Tilghman has handled a very difficult situation in an exemplary manner,” Levin said. “I am confident that all concerned now recognize the importance of protecting the privacy of college applicants.”

Among the applicants whose results were accessed were Lauren Bush, a niece of President George W. Bush, and Ara Parseghian, a relative of the legendary Notre Dame football coach of the same name.

Princeton’s investigation concluded that the information the admissions staff obtained was not used for any purpose other than testing the security of the site and satisfying their own curiosity.

“It was really an innocent way for us to check out the security,” LeMenager told the News in July. “That was our main concern of having an online notification system, that it would be susceptible to people who had that information — parents, guidance counselors and admissions officers at other schools.”

Delcie Thibault, a spokeswoman for the U.S. Attorney’s Office in Connecticut, said allegations of a violation of a federal law fall under the jurisdiction of the Federal Bureau of Investigation.

“There are actually laws that are specifically oriented toward this sort of behavior in the context of technology,” said Robert Dunne, the co-director of the Center for Internet Studies at Yale. “There are any number of statutory problems, unauthorized access or exceeding privilege, and then of course, from the perspective of the students, they would have personal claims.”

Yale applicants were able to find out online for the first time this year whether they had been accepted to the University. The site was protected by a login page that required users to enter their name, birthday and Social Security number.

To access the site, LeMenager used information submitted by applicants to Yale who had also applied to Princeton.

Richard Shaw, the dean of undergraduate admissions and financial aid, said Yale will continue to use the online notification system next year.

But in the wake of the Princeton incident, Shaw said that Yale will implement tighter security measures for the online site next year, including a personal identification number for each applicant.

“We certainly want to ensure that only students have access to the information — or those that they approve,” Shaw said.
