Click here to receive your FREE subscription to Campus Technology
News
U Missouri Server Hack Exposes 22,396 SSNs
5/9/2007
The University of Missouri has reported that one of its databases was hacked and that the intruder responsible for the breach was able to obtain the names and social security numbers of staff members. This is the second data security breach at the University of Missouri this year.According to a bulletin posted on the university IT department's site, the "attack" began May 3 and was discovered the next day. Campus police were notified Monday, May 7.
"The attack began on May 3 and the intruder(s) retrieved sensitive information from the database via the Internet. Unfortunately, the attacker was able to retrieve the names and Social Security Numbers of certain University of Missouri staff," according to the bulletin. "The affected individuals were employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.
"The University takes this matter very seriously. The University of Missouri has been and will continue to work diligently to secure the confidential data it holds. All companies or organizations using the Internet to serve their customers face this challenge."
Individuals affected by the incident have been notified or are in the process of being notified, according to the university.
22,396 Affected
The university reported that the breach affected 22,396 individuals were were employed by the University of Missouri and any campus and who were also current or former students at the Columbia campus.
"The University of Missouri ... is working to alert the individuals whose information was improperly accessed, including instructions about how they may monitor their credit reports for suspicious activity. The University has been and will continue to work diligently to secure confidential data held in its computer systems. We are also working closely with law enforcement in our investigation of this event," read a prepared statement issued by the university.
'Unusual Activity'
The discovery of the attack was made, according to the university, when IT staff members noticed "unusual activity" on an application May 3 and then, the following day, found a series of errors "caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia. The vulnerable Web application is no longer available online."
The investigation that ensued included a reconstruction of the attack, and staff members analyzed the results over the weekend and compiled a list of the thousands who were affected by the breach.
The university said that the attacker made "thousands" of queries over several hours, exposing identity records one at a time.
Logs showed that the attacks came from IP addresses in China and Australia.
Second Breach This Year
This latest hack is the second data security breach at the University of Missouri. The first was back in January, when more than 1,200 university researchers had their Social Security numbers compromised and some 2,500 people had their passwords stolen from the university's grant application system.
Read More:
About the author: Dave Nagel is the executive editor for 1105 Media's educational technology online publications and electronic newsletters. He can be reached at dnagel@1105media.com.
Have any additional questions? Want to share your story? Want to pass along a news tip? Contact Dave Nagel, executive editor, at dnagel@1105media.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Cedarville U Sets Up SonicWall Firewalls
Cedarville University in southwestern Ohio has implemented SonicWALL firewalls to provide high-speed gateway firewall protection for its 3,000 students.
- Data Breach Strikes U North Dakota Alumni Association
The alumni association for the University of North Dakota has gone public with a data breach that occurred when a laptop belonging to a software vendor was stolen from a vehicle. The computer contained the names of 84,000 university alumni, donors, and others, according to coverage by the Grand Forks Herald.
- Tips for Selecting a Campus CRM tool
As competition for students increases, colleges and universities are looking more and more to customer (or constituent) relationship management software for help in remaining competitive.
- Intercast Networks Goes into Beta with Kazam Video Service at Internet2 Universities
Intercast Networks has redesigned Kazam, its student Internet TV and video service based on the company's VideoXpress platform. Following a spring semester alpha trial at Columbia and Purdue University, the company redesigned Kazam's interface based on student feedback and added additional content that caters to a student audience.
- Michigan State Managing MRI Images from Africa with Acuo Tech DICOM Services Grid
Doctors at Michigan State University have begun using the Digital Imaging and Communications in Medicine (DICOM) Services Grid from Acuo Technologies to transport and manage magnetic resonance imaging (MRI) results from a hospital in Malawi, Africa in order to monitor the impact of malaria on children.
- IIT Delhi Delivers Services with Ingres Open Source
Administrators at the Indian Institute of Technology Delhi (IIT Delhi) have gone public with their installation of open source database management software from Ingres. IIT Delhi, one of seven leading institutes of technology in India, adopted Ingres Database to support administration functions such as grading, finance, human resources, procurement, and hospital administration.
