U Missouri Server Hack Exposes 22,396 SSNs

The University of Missouri has reported that one of its databases was hacked and that the intruder responsible for the breach was able to obtain the names and social security numbers of staff members. This is the second data security breach at the University of Missouri this year.

According to a bulletin posted on the university IT department's site, the "attack" began May 3 and was discovered the next day. Campus police were notified Monday, May 7.

"The attack began on May 3 and the intruder(s) retrieved sensitive information from the database via the Internet. Unfortunately, the attacker was able to retrieve the names and Social Security Numbers of certain University of Missouri staff," according to the bulletin. "The affected individuals were employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

"The University takes this matter very seriously. The University of Missouri has been and will continue to work diligently to secure the confidential data it holds. All companies or organizations using the Internet to serve their customers face this challenge."

Individuals affected by the incident have been notified or are in the process of being notified, according to the university.

22,396 Affected
The university reported that the breach affected 22,396 individuals were were employed by the University of Missouri and any campus and who were also current or former students at the Columbia campus.

"The University of Missouri ... is working to alert the individuals whose information was improperly accessed, including instructions about how they may monitor their credit reports for suspicious activity. The University has been and will continue to work diligently to secure confidential data held in its computer systems. We are also working closely with law enforcement in our investigation of this event," read a prepared statement issued by the university.

'Unusual Activity'
The discovery of the attack was made, according to the university, when IT staff members noticed "unusual activity" on an application May 3 and then, the following day, found a series of errors "caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia. The vulnerable Web application is no longer available online."

The investigation that ensued included a reconstruction of the attack, and staff members analyzed the results over the weekend and compiled a list of the thousands who were affected by the breach.

The university said that the attacker made "thousands" of queries over several hours, exposing identity records one at a time.

Logs showed that the attacks came from IP addresses in China and Australia.

Second Breach This Year
This latest hack is the second data security breach at the University of Missouri. The first was back in January, when more than 1,200 university researchers had their Social Security numbers compromised and some 2,500 people had their passwords stolen from the university's grant application system.

Read More:


About the Author

David Nagel is editorial director, education for 1105 Media's Public Sector Media Group and editor-in-chief of THE Journal. A 22-year publishing veteran, Nagel has led or contributed to dozens of technology, art and business publications.

He can be reached at dnagel@1105media.com. You can also connect with him on LinkedIn at or follow him on Twitter at @THEJournalDave (K-12) or @CampusTechDave (higher education).


comments powered by Disqus

Campus Technology News

Sign up for our newsletter.

I agree to this site's Privacy Policy.