Security & Privacy | News

U Wisconsin Milwaukee Data Breach Hits 75000

• By Dian Schaffhauser
• 08/23/11

The University of Wisconsin Milwaukee has gone public with its efforts to contact about 75,000 people to let them know they may have had their names and Social Security Numbers accessed by cyber-criminals.

According to a publicly posted press release, the security incident began in late May 2011 when university technology staff found the existence of malware on a university server housing software that managed confidential information for several departments. The server was shut down, and the institution began an investigation to uncover the extent of the breach. At that time, it also reported the breach to local and federal law enforcement. After assessing security on the server, the university put it back into service.

A little over a month later the university found that a database from that system was accessible to the hackers. That database contained the personal information of the 75,000 individuals, all current and former employees and students. No other financial information was stored in the database.

"As with many such incidents, the investigators have not been able to identify those who gained unauthorized access," a letter from interim CIO John McCarragher said. "Investigators theorize that the motive was not identity theft, and could find no proof of any attempt to download names or Social Security numbers from the database."

The university began notifying people once it understood the extent of the breach and could identify those who may have been affected by it.

In response to the breach, the university has published a phone number where people can obtain additional information and provided advice to those affected about how to protect themselves against identity theft and monitor their credit records.

Those recommendations included:

• Reviewing bank and credit card statements regularly and looking for unusual or suspicious activities;
• Contacting appropriate financial institutions upon noticing any irregularity in a credit report or account; and
• Requesting a free credit report and inspecting personal credit scores.

In addition, the university has put additional security in place for its IT systems.