Hackers attack Bookstore website

Security breach shuts down website as hackers steal personal information

By: Katy Weaver

Posted: 6/4/08

As many as 4,700 OSU Bookstore online customers using credit cards may have had their personal information stolen in a recent website security breach.

"We had a hacker breach our website security that we identified on May 23," said OSU Bookstore General Manager Steve Eckrich. "We brought in the Oregon State Police because it is a serious crime, and we began an outside investigation with a security firm."

The day after identifying the breach, the bookstore notified all customers who may have had their information compromised.

"Oregon has some specific notification requirements and we are following those laws," Eckrich said. "In the subsequent investigation by the outside firm, we were also able to look at the specific information the hackers looked at and notify the exact people involved."

The OSU Bookstore website has since been shut down until additional security is put into place.

The bookstore hopes to have the site up as soon as possible but will not bring it back up until they have gone through all the recommendations of the outside firm.

OSP has actually been investigating a report that 30 OSU Bookstore customers' personal information was stolen since March, according to an OSP press release.

The breach was identified through a series of phone calls to the bookstore indicating a pattern relating back to the website.

"We put through a test charge with a credit card and found that it came back with unauthorized charges," Eckrich said.

Lt. Jeff Lanz, the OSP area commander at the OSU office, said in an OSP press release that online theft can result in felony criminal charges that include theft, identity theft, computer crime and fraudulent use of a credit card.

Lanz also believes that online thefts are an increasing problem as more people use computers to shop, pay bills and do other daily business.

Eckrich wants to make it very clear to students and bookstore shoppers that only online transactions were affected in the information theft.

On a busy day, the bookstore may go through as many as 20,000 transactions. Of this amount, a relatively small percent are from the website.

Regardless of the number of transactions that were affected, the theft is one of the bookstore's highest priorities at the moment.

"We have taken it very seriously from the moment we identified there was a problem," Eckrich said.

Katy Weaver, assistant news editor

news@dailybarometer.com, 737-2231