INDIANAPOLIS – Approximately 4,500 students attend Butler University each year, but a recent computer hacking incident tied to the school was so big, 163,000 people had to be notified.
They include students, staff, alumni as far back as 1983 and even people who didn’t attend the university, like applicants and sporting event ticket buyers.
The three-page letter from Butler University President Jim Danko says on May 28, California law enforcement alerted the university that a suspect in an identity theft investigation had in his possession a flash drive containing the personal information of certain Butler University employees.
It goes on to say the leak could have happened from unauthorized hacking in Butler’s computer network between November 2013 and May 2014.
“We retained the services of a third-party computer forensics expert and really got down to determining where the breach happened and the personal information about Butler employees,” said University Spokesperson Michael Kaltenmark.
Kaltenmark says it turns out 163,000 people needed to be alerted.
Matt Caruso is one of them.
“Well at least they’re owning up to a mistake!” said Caruso, a 2003 Butler graduate. “Somebody was able to worm themselves in, so this was pretty kind of them to do.”
The university says there are not too many confirmed victims of fraud that they are aware of, and those that have seen fraud mainly include employees.
Caruso was a fraud victim on June 2. He can’t say for sure it was the Butler hacker, but says the timing fits.
“Somebody did try to buy about $300 worth of something at a Walgreens in Dallas. Fortunately Bank of America noticed it and sent me an e-mail asking to verify and I said I haven’t been to Dallas in five years, that’s not me.”
Kaltenmark says, “The part of the Butler University network that was exposed by the hackers, we determined what that was, corrected that issue and we’re working to take steps to further fortify the Butler University network so things like this don’t happen in the future.”
He suggests checking your bank and credit card statements from November 2013 through May 2014 for fraudulent activity.
Everyone who received a letter got a free one-year membership to an identity protection agency.
“At least for now they did offer some kind of protection which I think is pretty nice of them,” said Caruso. “I”ll give it a go and see how it goes.”