July 30th, 2012 | University

Hacker group breaches Yale databases

The hacker group NullCrew claimed it had obtained 1,200 accounts on Yale databases, but the University said only 450 accounts were affected by the breach.
The hacker group NullCrew claimed it had obtained 1,200 accounts on Yale databases, but the University said only 450 accounts were affected by the breach. Photo by NullCrew.

A hacker group known as NullCrew claims it obtained the personal information of 1,200 Yale students and staff members from University databases.

University spokeswoman Elizabeth Stauderman ’83 LAW ’04 confirmed that hackers obtained files containing personal information from participants in the Yale Initiative to Strengthen Teaching in Public Schools on July 17, but she said only 450 accounts were affected. NullCrew claims it gained access to social security numbers, names, addresses and phone numbers, though only usernames, passwords and email addresses were published by the collective, which claims its only intention was to prove the security faults in institutional databases.

“In fact, the governmental and educational sites are the least secure in the experience we’ve had with .edu and .gov websites,” the hackers said in a message alongside the published data.

Stauderman said Yale has taken immediate action to secure the breached computer and is in the process of notifying the authorities and the affected participants. She added that the University will offer identity protection services to those affected.

The NullCrew breach was the largest known breach of Yale databases since late 2010, when the names and Social Security numbers of 43,000 people affiliated with the University were hacked and then made searchable online. The University announced that breach 10 months later, in August 2011.