U Georgia Looks into Server Breach
The University of Georgia this week said it's investigating a security breach that might have exposed as many as 4,250 Social Security numbers, including those of several hundred current residents. The actual incident occured in late December and was the second discovery of a breach potentially exposing SSNs at the University of Georgia in 2007.
According to a release issued by U Georgia Jan. 8, a hacker with an overseas IP address accessed a campus server between Dec. 29 and Dec. 31. The server contained 4,250 Social Security numbers, names, and addresses of current, former, and prospective residents of the university's graduate family housing. The server was taken immediately offline upon discovery Dec. 31.
"We deeply regret this situation and will take steps to notify and support the affected students and alumni," said Arnett C. Mace Jr., senior vice president for academic affairs and provost, in a statement released Tuesday. "We will review the measures that were in place on this server and reiterate our protocols for maintaining security against such intrusions."
U Georgia CISO Stan Gatewood said Tuesday there's no evidence that personal information was actually stolen. However, he did encourage those affected by the breach to read up on identity theft at the Federal Trade Commission and Georgia attorney general's sites.
Meanwhile, the university this week began attempting to contact all individuals whose information might have been exposed, according to a U Georgia news release.
Back in February 2007, U Georgia reported that a university database was breached, again by an overseas hacker, exposing some 3,500 student and alumni Social Security numbers and other information. That database belonged to the university's Disability Resource Center. Blame was assigned at the time to a failure to install security patches. The actual date of this breach was unclear but may have occured as early as November 2006.
Read More: