U Hawaii Data Breach Echoes 2009 Incident

Up to 53,000 people may have been affected by a recent data breach at the University of Hawaii in Manoa. The university system discovered the break-in during a routine audit June 15, 2010. The breach had taken place May 30, 2010 on a server used by the main campus' parking office. The university isolated the affected server and began an investigation, which included notifying the Honolulu Police Department and the FBI. IT has also retained a forensic computer expert to do further investigation.

U Hawaii said the server contained a database with personal information--including nearly 41,000 Social Security numbers and data on 200 credit cards. The database had records for faculty, staff, and students at the institution during 1998. Also included was anyone who had business--such as purchasing parking permits or having a car towed--with the parking office between Jan. 1, 1998 and June 30, 2009.

The university said that it had no evidence that the personal information maintained on the server was accessed or used. But it encouraged those who have been potentially affected to monitor their financial information and take measures against identity theft. The university has set up a helpline and e-mail account to answer questions.

On a Web page about the incident, the university said that Social Security numbers were no longer used for parking transactions and were being purged from current and historic parking office databases.

Fifteen months earlier the university took steps to notify students about a malware-induced data breach at Kapi'olani Community College. That incident involved 15,487 students--and potentially their parents--who had applied for or were granted financial aid during the previous five years. While the infected computer didn't store sensitive information, it was on a local network that provided access to data for financial aid processing.

After that incident, IT blamed a series of human missteps for the breach. The computer that ultimately caused the attack was "very infected," said Jodi Ito, information security officer, in a presentation about top security challenges in the U Hawaii System. The computer had been used to connect to another server that "stored years of sensitive information"; the user connected to the server every morning and stayed connected "as a matter of daily routine"; the user opened all e-mails and attachments "without regard to relevance"; and the user visited social networking sites. User training was one of Ito's recommendations for reducing the chances of a similar breach from occurring.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • abstract smartphone translucent screen displaying AI interface

    Apple Introduces Redesigned Siri AI

    At its recent Worldwide Developers Conference, Apple introduced Siri AI, a redesigned version of its voice assistant that Apple describes in its own announcement as "a profoundly more capable and personal assistant." The update is intended to make Siri more conversational, more context-aware, and more useful across iPhone, iPad, Mac, Apple Watch, and Vision Pro.

  • blue wooden cubes block texture abstract background

    Gartner Estimates Worldwide IT Spending at $6.31T for 2026

    Gartner recently forecast that worldwide IT spending will total $6.31 trillion in 2026, a 13.5% increase from 2025. Sectors experiencing the largest growth include data center systems, software, and IT services.

  • people as silhouettes on a glowing network grid

    Human-Centered Workforce Development in an Age of Advanced Technology

    Marc Booker, vice provost of strategy at the University of Phoenix, examines how to recognize and promote human-centered workforce development in higher education.

  • Dana Brunson facilitates a roundtable discussion with research and higher education IT leaders

    Internet2: Closing the Access Gap for Research Cyberinfrastructure

    Internet2's Research Engagement Team brings CIOs and other campus technology leadership together with research computing and data facilitators, forming a community that enables research cyberinfrastructure at institutions of all types and sizes.