Hackers access Kellogg computer system
Situation 'trial by fire' for new CIO
On Sunday, March 20, while many students and faculty were attending GIM trips abroad or enjoying Spring Break, a security breach was detected in the computer server system at the Kellogg School of Management.
Officials from Northwestern University's Information Technology Office, Kellogg Information Systems and Kellogg senior administration acted quickly to contain any risk to Kellogg faculty, staff, students and alumni's personal data. The broader Northwestern community was not affected.
Leading the recovery action was David Keown, who had joined the Kellogg School just two months earlier as chief information officer and assistant dean for information technology. In his role at the Kellogg School, Dean Keown oversees Kellogg Information Services (KIS) and manages IT issues throughout the school.
When the server problem was discovered, KIS staff reacted swiftly to take the affected systems offline and rebuild them, shutting down the hacker's point of entry. They also launched an immediate investigation to assess what data may have been compromised. On Wednesday, March 23, KIS determined that Kellogg user IDs and passwords, which provide access to various information sources on the Northwestern system, potentially could have been obtained by the hackers.
Dean Keown, who came to Kellogg after 20 years at the Columbia University Business School, where he rose through the ranks of administrative computing to lead the school's IT group for the last eight years, pulled his staff into a conference and called on key administrators to join them. This crisis management team went into action, assessing the risks to the various members of the Kellogg School community. Within minutes, the decision was made to first disable all passwords and user IDs for the Kellogg School's roughly 500 faculty and staff members and 3,000 students — the groups whose personal information was most at risk.
While KIS staff continued their investigation, urgent messages were created and sent by email, and measures were implemented to begin setting new passwords for the entire Kellogg community.
The investigation indicated that alumni data were the least vulnerable to this particular attack because alums' critical personal information was not stored in a location accessed by the hackers. Jim Corboy, Kellogg Alumni Relations director, said, "With an alum's individual Kellogg password, an unauthorized user could only get the same kind of information that has been available for years in the print version of the Alumni Directory or by a simple Internet search: mailing addresses and phone numbers, but not Social Security numbers and birth dates." Even then, he added, the user could view just one person's limited information at a time.
Change your password now
As a precautionary security measure, the Kellogg School strongly encourages alumni to change their password immediately and confirm the accuracy of their displayed record. It takes just a few minutes. Log on to the Kellogg Alumni Network.
Alumni who have questions regarding the breach should contact Kellogg Alumni Relations at 847.467.ALUM or by email. Staff members are available from 8 a.m. to 5 p.m. CST Monday through Friday.
Still, the breach was a major concern for Alumni Relations and the crisis team, which recommended immediate messaging to the approximately 18,000 alumni who have passwords on the system to log on and change their passwords. An analysis indicated whose data had been updated since the breach; although most of that activity was probably related to the upcoming Alumni Reunion and not a result of the break-in, those alumni received specific instructions to check the accuracy of their displayed record. As of Kellogg World press time, the Kellogg School has observed no pattern of attempted fraud, and the university has no evidence that personal identification was accessed.
Dean Keown said: "Invasion of privacy and the potential for theft and destruction are very real threats globally. IT organizations are working very hard to improve their functionality while guarding against security threats on every level. Following this unfortunate event, the Kellogg School has contracted outside agencies to check the security of our systems and analyze the forensic data to learn what we can about the break-in." The ongoing investigation has identified patterns of the hacker's behavior that suggest the servers were not targeted to obtain personal information.
Senior Associate Dean Robert Korajczyk also was part of the crisis team. He said: "The Kellogg School regrets the inconvenience caused to our valued constituents. Dean Keown and the crisis management team embody the teamwork philosophy that distinguishes Kellogg among business management schools. The dedication of the KIS staff, many of whom worked around the clock for days on end, demonstrates the extraordinary measures the Kellogg School takes to protect the interests of the Kellogg community."