The names, email addresses and telephone numbers of as many as 1,200 current and former Johns Hopkins University biomedical engineering students were posted online after a hacker's failed extortion attempt aimed at gaining broader access to the school's computer network, the university said Friday.
There was no evidence the compromised data contained Social Security numbers, birth dates, credit card numbers or other financial information, spokesman Dennis O'Shea said.
He said the information posted Thursday also included the students' written evaluations of fellow students on their biomedical project teams; and biographical and contact information for Department of Biomedical Engineering faculty and staff members. The faculty and staff data was already publicly available, he said.
O'Shea said the department received "what can only be described as an extortion message'' Wednesday from someone claiming affiliation with the hacker group Anonymous. The message threatened to post information stolen from a department web server unless the university provided user identification and password credentials to access the school's network.
Instead, school officials contacted the FBI, O'Shea said.
"The university did not and will not provide that access,'' he said.
Washington, D.C., Maryland and Virginia local news, events and information
He said the university is investigating the breach and cooperating with an FBI criminal probe. FBI spokeswoman Amy Thoreson in the agency's Baltimore office said she could neither confirm nor deny anything about the case.
O'Shea said the breach apparently occurred last year but came to light when someone posted on Twitter in January that the server was open to attack. He said the university closed the security gap but the data, including 1,217 student files, had already been extracted.
The university is trying to get the posted information removed from websites on which it appeared, he said.
The news comes about two weeks after the University of Maryland revealed 300,000 student and employee records were compromised in a data breach. In that case, the records included names, Social Security numbers, dates of birth and university ID numbers.