U Hawaii Data Breach Echoes 2009 Incident

Up to 53,000 people may have been affected by a recent data breach at the University of Hawaii in Manoa. The university system discovered the break-in during a routine audit June 15, 2010. The breach had taken place May 30, 2010 on a server used by the main campus' parking office. The university isolated the affected server and began an investigation, which included notifying the Honolulu Police Department and the FBI. IT has also retained a forensic computer expert to do further investigation.

U Hawaii said the server contained a database with personal information--including nearly 41,000 Social Security numbers and data on 200 credit cards. The database had records for faculty, staff, and students at the institution during 1998. Also included was anyone who had business--such as purchasing parking permits or having a car towed--with the parking office between Jan. 1, 1998 and June 30, 2009.

The university said that it had no evidence that the personal information maintained on the server was accessed or used. But it encouraged those who have been potentially affected to monitor their financial information and take measures against identity theft. The university has set up a helpline and e-mail account to answer questions.

On a Web page about the incident, the university said that Social Security numbers were no longer used for parking transactions and were being purged from current and historic parking office databases.

Fifteen months earlier the university took steps to notify students about a malware-induced data breach at Kapi'olani Community College. That incident involved 15,487 students--and potentially their parents--who had applied for or were granted financial aid during the previous five years. While the infected computer didn't store sensitive information, it was on a local network that provided access to data for financial aid processing.

After that incident, IT blamed a series of human missteps for the breach. The computer that ultimately caused the attack was "very infected," said Jodi Ito, information security officer, in a presentation about top security challenges in the U Hawaii System. The computer had been used to connect to another server that "stored years of sensitive information"; the user connected to the server every morning and stayed connected "as a matter of daily routine"; the user opened all e-mails and attachments "without regard to relevance"; and the user visited social networking sites. User training was one of Ito's recommendations for reducing the chances of a similar breach from occurring.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • school building connected by lines to symbols of AI, data charts, and a funding document with a dollar sign

    ED Issues Guidance on the Use of Federal Grant Funds to Support Learner Outcomes with AI

    In response to President Trump's April 23 Executive Order on advancing AI education, the United States Department of Education has issued new guidance on how K-12 and higher education institutions may use federal grant funds "to support improved outcomes for learners through the responsible integration of artificial intelligence."

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • teenager’s study desk with a laptop displaying an AI symbol, surrounded by books, headphones, a notebook, and a cup of colorful pencils

    Survey: Student AI Use on the Rise

    Ninety-three percent of students across the United States have used AI at least once or twice for school-related purposes, according to the latest AI in Education report from Microsoft.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.