Data Breaches | News

Lingering Viruses Uncovered at Community College of San Francisco

• By Dian Schaffhauser
• 01/18/12

City College of San Francisco has issued a warning to its campus community that some of the college's computers have been infected with software viruses used for identity theft "for several years." The message went out from Chancellor Don Griffin. The viruses were uncovered by Chief Technology Officer David Hotchkiss and a managed security service firm, according to reporting in the San Francisco Chronicle.

The institution has hired computer security company USDN to evaluate the extent of the damage done by the viruses and to determine whether information has been "illegally transferred to third parties outside of the college," Griffin's letter said. Part of that work will be to evaluate the settings for City College's two computer firewalls and to update its antivirus software.

The Chronicle reports that potentially "tens of thousands of students, faculty, and administrators" could have had personal banking information and other data stolen during the "infestation." That same coverage said that the college's data monitoring service "detected an unusual pattern of computer traffic, flagging trouble." That first whiff of trouble surfaced in a computer lab at one of the college's campuses, which the CTO shut down. But that led to examination of other systems in use at other college locations, which also showed signs of infection. It's probable, the Chronicle reported, "that personal computers belonging to anyone who used a flash drive during the past decade to carry information home were also affected."

According to Associated Press coverage, personal data was captured by keystrokes and screenshots and transmitted overseas to cyber thieves.

The IT department estimated that a complete assessment of the college's servers would take two to three weeks to finish. According to the chancellor's letter, preliminary results from USDN "thus far have shown that one server and the computers connected to it in a lab for international students did in fact transmit information outside the college."

According to a memo sent to the Board of Trustees by the chancellor in May 2011, the college paid $40,000 to Dataway, a managed security service provider to deliver maintenance services and upgrades of Check Point firewall software for the period of September 2011 to August 2012, before the current security problems surfaced. That same memo referenced a comparable payment to USDN, the company performing the current evaluation, to cover the cost of providing "network server services" from July 2011 to June 2012.

The chancellor's letter said that the college would provide more information to the campus as soon as it receives a report from USDN.