Click here to receive your FREE subscription to Campus Technology
News
Antioch Breach Strikes Unpatched Solaris System
4/10/2008
A breach of an ERP system at Antioch University forced the school to send letters out to more than 60,000 students, former students and staff members informing them that they could become victim to identity theft. The problems surfaced on February 13, 2008, when an anti-virus program detected a virus on one of Antioch's computers. Forensic software investigators hired by the university to examine its systems found that an unauthorized intruder had gained access to one of the computers on three occasions during 2007 and that an IRC bot had been installed.According to a letter from CIO William Marshall sent to those at risk and posted on the school's website, the hacked system contained files with Social Security numbers, names, academic records for students and former students and payroll records for Antioch's employees and former employees going back to 1996 when the system was first implemented. It also contained names and Social Security numbers for student applicants.
Marshall wrote that the school is unaware of any incidents of identity theft taking place as a result of the hacker's activities and that based on what Antioch knows, it was "unlikely" that personal information had been or would be misused.
Computerworld reported that the break-ins involved a Sun Solaris server that hadn't been patched against a "previously disclosed FTP vulnerability, even though a fix was available for the flaw at the time of the breach."
The campus, which has six locations in four states, is working with federal and state law enforcement agencies to attempt to apprehend the responsible person and to determine if any personal information was stolen.
The school also set up a hotline to answer questions regarding the intrusion and has advised those affected to obtain and review credit reports from the three major credit bureaus, Equifax, Experian and Trans Union. All consumers are entitled to one free report a year from each of the bureaus.
When the breaches were discovered, Antioch took the server offline, backed up the data and reinstalled the operating system. The school said in an FAQ on its Web site that it was initiating a complete review of the security on the affected system to ensure there were no other vulnerabilities.
Dian Schaffhauser is a writer who covers technology and business. Send your higher education technology news to her at dian@dischaffhauser.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- RIAA Outsources Fingering of Students Who Share Music Illegally
The RIAA is outsourcing the hunt for music thieves. Its largest target currently is those who operate from within colleges and universities, a move that has piqued the attention of Educause.
- Microsoft Expands Education Footprint in Asia Pacific Region
Microsoft Chairman Bill Gates announced new partnerships to extend accessibility and computer literacy in the Asia Pacific region during a speech in Jakarta at a government leader gathering earlier this week.
- IT Struggling Over Security, Compliance
IT pros are having a hard time balancing security, software patch management and IT auditing with a host of other duties, according to a survey released Monday by Shavlik Technologies.
- Toronto College Upgrades Network with Gigabit Ethernet Wireless Links
Toronto-based George Brown College has gone public about its deployment of six BridgeWave GE60 wireless links to upgrade its campus-wide network.
- Gates Highlights R&D at CES08, Unveils Microsoft Touch Wall
Microsoft's Chairman Bill Gates spent a lot of time Wednesday talking about "empowering the workers" at the Microsoft's 12th annual CEO Summit 2008 in Redmond, WA, where he gave a keynote speech. However, Gates wasn't talking about political revolutions or even pay raises for office workers before the CEO crowd. Instead, he was referring to new software technologies that can better enable collaboration, social networking and decision-making on the job.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
