- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
The University of Colorado at Boulder says it is investigating the impact of a data breach discovered last Friday that may have given an attacker access to private information on 9,000 students and 500 instructors.
Three computers used in the Division of Continuing Education and Professional Studies were discovered to be compromised, and the university has called in Applied Trust Engineering to help with a forensics investigation. It didn't take special software or skills to notice one computer was compromised, though: It was performing tasks such as re-booting, much to the surprise of users and IT staff.
"The computer started misbehaving," says Greg Stauffer, IT services communications manager. "People saw suspicious behavior, like the re-booting." So far, malicious code found on the computer has been traced to the breach.
The computer, which was assigned to administrative staff, had stored on it the names, addresses, or grades and Social Security Numbers of about 9,000 students and 500 staff instructors specific to the years 1997 to 2003. The university will be mailing letters to affected parties by the end of this week.
Stauffer says the university has been working to make sure this sort of inappropriately stored legacy data is removed from its computers, but had not managed to reach this one in time. The University of Colorado at Boulder began switching from Social Security numbers to a student identification number system in 2005.
Stauffer says Applied Trust Engineering is conducting forensics work to try to determine whether the computer intruder may have accessed the personal data associated with students and faculty, and how extensive the breach may be. Stauffer says the results are expected to be reported this week. This is the not the first time the university has had to cope with the impact of a data breach, Stauffer acknowledged.
14 years ago, I dealt with somebody like Childs. I was the new manager and the veteran techie knew it...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment