UPDATE: Butler warns students, staff, alums of data breach

Butler University officials are warning more than 160,000 students, faculty, staff and alumni that hackers may have accessed their personal information.

The Indianapolis school learned about the data breach when California officials contacted them last month to inform them that they'd arrested an identity theft suspect who had a flash drive with Butler employees' personal information on it.

Butler spokesman Michael Kaltenmark said school officials have found that the exposed information includes birthdates, Social Security numbers and bank account information of about 163,000 students, faculty, staff, alumni and even prospective students who never actually enrolled in classes at Butler.

"Unfortunately, we do think it's a remote hacking. The suspect that's been arrested has no affiliation with Butler University," Kaltenmark told WTHR-TV.

In a letter sent to those affected by the breach, Butler said someone hacked the school's network sometime between November 2013 and May 2014. School officials have offered those affected a year of free credit monitoring and urged them to keep an eye on their bank accounts and credit scores.

"I'll take the steps I can to protect it and all those necessary things," said recent Butler grad Sara Logel.

While the investigation into the data breach is ongoing, Butler officials insist that they have discovered and corrected all of their systems' vulnerabilities.


  • The Solution
    I feel that Butler has in fact been the most responsible company that I have been notified by so far. They explained what occurred, and the steps they are taking to resolve it. They also made suggestions on what to do by those affected. This includes a free year subscription to a credit monitoring service. I did not get that from anyone else. Only a suggestion to change my password.
  • so shouldn't they be liable
    Since they did not protect the information, they should be held liable. This is ridiculous, a University that cannot protect the security of this information. Student loans are protected by Social Security number, I assume Social Security numbers and financial information were breached. What exactly do they expect all these people to do about it when they did not protect this sensitive information?
  • Unreasonable Delay
    Indiana law (IC 24-4.9-3-3) requires Butler to disclose the security breach without unreasonable delay. A delay is reasonable for 3 reasons: fix the system, investigate the scope of the breach and assist in a law enforcement investigation. Butler only learned of this breach last month when informed by law enforcement. For one, Butler's internal security procedures failed. Butler did not identify the issue. They simply reacted, rather slowly, to an existing problem. In my humble opinion, Butler's disclosure and notification was not timely and I believe the AG's office should seek a statutory penalty.
  • Why The Long Delay
    This happened months ago and just now Butler is telling people of the issue? Why the long delay? Seems like in the world of tech breakdowns it would be the first order of business to get the news out to additionally protect people affected. If there have been issues with accounts, are they going to pay for those breaches since they have been negligent in their reporting?
