U Delaware Hack Hits 72,000 Staffers

  • By Dian Schaffhauser
  • 08/05/13

The University of Delaware is attempting to make contact with 72,000 people whose information was vacuumed up during a recent server hacking. The university said that the cyber break-in took place on or around July 17, 2013 and was discovered by IT on July 22 during "routine systems maintenance." Campus representatives announced that the files taken included confidential personal information for current and past employees, including student employees.

U Delaware said the attack occurred when a hacker "took advantage of a vulnerability in software acquired from a vendor."

According to a local news report on DelawareOnline, the hacking occurred due to an unpatched version of Struts2 "that was used by the university on a server that hosted business functions." Struts2 is an Apache framework for creating "enterprise-ready Java Web applications." A number of recent releases have addressed security vulnerabilities. Developers using Struts 2 were "strongly advised" in a June community note to update existing Struts 2 applications to Struts 2.3.14.3 "immediately."

The reporting said the same server was used to host part of a Web site "that allows students to pay bills." The university hasn't said that any additional student information was stolen during the security event.

The university reported that it "took immediate corrective actions" and is working with the Federal Bureau of Investigation as well as security firm Mandiant to investigate the causes and scope of the attack.

The institution has sent notification letters to "more than 72,000 affected persons." It has also offered them free credit monitoring. About a third of those recipients also have active campus email accounts and have been sent email notifications as well.

School administrators have hired Kroll Advisory Solutions, which provides risk mitigation and response services to work with those affected by the breach.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • SXSW EDU

    Explore the Future of AI in Higher Ed at SXSW EDU 2025

    This March 3-6 in Austin, TX, the SXSW EDU Conference & Festival celebrates its 15th year of exploring education's most critical issues and providing a forum for creativity, innovation, and expression.

  • man working on laptop outdoors

    Digital Leadership Must-Haves for 2025: A CDO's Picks

    Now that he's more than a year and a half into his chief digital officer role at NJIT, we've asked Ed Wozencroft to reflect on his areas of concentration: What work must digital leaders "own" in 2025?

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • digital artwork of glowing, interconnected neural-like shapes on a gradient background of deep blue and vibrant purple

    Google Announces Upgrade to Flagship Gemini AI Platform, Enhancing Multimodal Capabilities

    Google has launched Gemini 2.0, designed to empower enterprise users and developers with advanced multimodal capabilities and enhanced performance.