Antioch Breach Strikes Unpatched Solaris System

• By Dian Schaffhauser
• 04/10/08

A breach of an ERP system at Antioch University forced the school to send letters out to more than 60,000 students, former students and staff members informing them that they could become victim to identity theft. The problems surfaced on February 13, 2008, when an anti-virus program detected a virus on one of Antioch's computers. Forensic software investigators hired by the university to examine its systems found that an unauthorized intruder had gained access to one of the computers on three occasions during 2007 and that an IRC bot had been installed.

According to a letter from CIO William Marshall sent to those at risk and posted on the school's website, the hacked system contained files with Social Security numbers, names, academic records for students and former students and payroll records for Antioch's employees and former employees going back to 1996 when the system was first implemented. It also contained names and Social Security numbers for student applicants.

Marshall wrote that the school is unaware of any incidents of identity theft taking place as a result of the hacker's activities and that based on what Antioch knows, it was "unlikely" that personal information had been or would be misused.

Computerworld reported that the break-ins involved a Sun Solaris server that hadn't been patched against a "previously disclosed FTP vulnerability, even though a fix was available for the flaw at the time of the breach."

The campus, which has six locations in four states, is working with federal and state law enforcement agencies to attempt to apprehend the responsible person and to determine if any personal information was stolen.

The school also set up a hotline to answer questions regarding the intrusion and has advised those affected to obtain and review credit reports from the three major credit bureaus, Equifax, Experian and Trans Union. All consumers are entitled to one free report a year from each of the bureaus.

When the breaches were discovered, Antioch took the server offline, backed up the data and reinstalled the operating system. The school said in an FAQ on its Web site that it was initiating a complete review of the security on the affected system to ensure there were no other vulnerabilities.