Misbehaving software mistaken for data breach

The University of Colorado at Boulder last week thought it had identified a data breach involving three computers, but a forensics exam indicated it was a false alarm.

The three Windows computers used by staff in the Division of Continuing Education and professional Studies had been behaving spookily, such as re-booting on their own and other unexpected occurrences. The University of Colorado's IT division first believed the cause was a security breach by hackers, and were worried because they also discovered personal data associated with 9,000 students and 500 staff members related to five years ago that shouldn't have been left on one computer.

But the problem turned out not to be a hacker but the computer behaving bizarrely due to computer ATI driver software malfunctioning because of a .Net framework upgrade on the machines, says Dan Jones, director of information security at the university.

The larger challenge facing the University of Colorado is how to ensure that faculty and administrative staff become more mindful about not letting sensitive data, such as names with Social Security numbers and grades, end up on computers in the first place.

The University of Colorado no longer uses Social Security numbers as identifiers and a campaign has been underway to scout out where sensitive data may have become lodged and forgotten on machines used on campus.

"There will always be that tension between security and availability," said Jones, saying the approach the IT department is taking is not to preach 'Thou shalt not do this' but to help the various academic departments identify the legitimate business needs to store data and get them to stick to policies.

In addition, the IT department is looking into using some spidering technology being developed at the University of Texas to identify assets in campus computers so that inappropriately-stored content can be removed immediately.