Consensus: Decentralized IT Led to Boulder Hack

• By Paul McCloskey
• 06/08/07

The University of Colorado at Boulder reported that a hacker May 12 exposed about 45,000 students' names and Social Security numbers. The incident affected students enrolled at any time from 2002 to the present, the school said.

The hacked server was in the College of Arts and Sciences' academic advising center. Dan Jones, director of the Campus IT Security Office, told the Denver Post that the center's firewall was turned off, and a patch was not properly installed on the system's anti-virus program.

School administrators said they would cut their practice of distributing IT responsibilities among colleges, schools, departments, and programs and assigned the school's central information technology department to take over the IT management of the center.

University officials also told the Post they do not believe the hacker targeted students' personal information. "It looked like someone was trying to seize control of the machine and not the data,"' a school spokesman told the newspaper. "And in the process of that, the data was exposed. But we're erring on the side of caution."

Read More:

• University of Colorado at Boulder