Malicious link leaves St. Joseph’s site exposed

By CHARLES LUSSIER
Advocate staff writer
Published: Aug 30, 2008 - Page: 1B - UPDATED: 12:05 a.m.

Page 1 of 2
SINGLE PAGE VIEW

Thousands of personal records were briefly at risk this summer when an intruder placed a malicious link on the Web site of St. Joseph’s Academy in Baton Rouge.

Earlier this week, the all-girl Catholic high school sent out about 7,000 letters to anyone who might have been affected, including students, parents, teachers, staff as well as alumnae going back to the class of 1985.

Principal Linda Harvison described the letters as precautionary. She said the school has paid for an after-the-fact audit by a local accounting firm and found no evidence that any personal information was accessed.

“We really went on the side of extreme caution,” Harvison said.

As for alumnae, the school notified by mail only those alumnae for whom the school had Social Security numbers, she said.

The malicious link appeared on the news page of the school’s Web site on July 21.

Greg Hanner, systems administrator for the private school, said the link directed clickers to a site in China, which would then place malicious software on that person’s computer.

He said the school removed the link within minutes of it appearing and corrected the Web coding that allowed it to appear. Hanner said he is “99.9 percent” sure that the breach went no further, but said theoretically hackers could have used their access to that Web server to break into protected databases also on that same server. The protected databases included names, social security and bank routing numbers. The database, however, did not include any credit or debit card information, he said.

The firm of Postelthwaite & Netterville, which investigated the matter, has also found no evidence of anyone accessing personal information, school officials say.

Since the breach, the school has made changes.

“Now, the databases are completely on a separate physical server,” Hanner said. “The Web server now has no access to the business database at all.”

Also the school is planning in the future to hire a second computer security firm to add to the school’s overall level of cyber-protection.

“It’s unreasonable to expect that any one company can cover everything,” Hanner said.


	Most Popular	Most Emailed	Hot Topics

Go to complete list

ADVERTISEMENTS

CLICK HERE TO ADVERTISE

PROMOTIONS

CLICK TO VIEW PROMOTIONS

Archives: Only staff-produced articles and videos are archived in the Online search. WBRZ videos can be found on the Video page.; As a courtesy to our users, we maintain an Online Daily Archive of all site content from the past 7 days.; The Advocate also maintains a Newspaper Archive.

Site Information: Check out our site blog for the latest news on updates and changes to 2theadvocate.com.; Curious about how the site works or what content we can provide to you? Check our Frequently Asked Questions section.; Get a detailed listing of all of the site's sections with our site map.

Advertising: Have a look at our media kit for online and offline advertising opportunities.
Subscribe: Subscribe to 2theadvocate.com with any of the feeds on our Feeds page.; Click here to subscribe to The Advocate.

Legal: Copyright © 1992-2008, Louisiana Broadcasting LLC and Capital City Press LLC • 7290 Bluebonnet Blvd., Baton Rouge, LA 70810 • All Rights Reserved; No unauthorized use is permitted of content produced by The Advocate, WBRZ, 2theadvocate.com or any other publication or media owned by Louisiana Broadcasting LLC and Capital City Press LLC. Unauthorized use includes framing and direct posting of content on websites other than www.2theadvocate.com.; Terms of Use | Privacy Policies

Have a question, comment, news tip or story idea? Click here to give us some feedback.