U Delaware Hack Hits 72,000 Staffers

The University of Delaware is attempting to make contact with 72,000 people whose information was vacuumed up during a recent server hack. The university said that the cyber break-in took place on or around July 17, 2013, and was discovered by IT on July 22 during "routine systems maintenance." Campus representatives announced that the files taken included confidential personal information for current and past employees, including student employees.

U Delaware said the attack occurred when a hacker "took advantage of a vulnerability in software acquired from a vendor."

According to a local news report on DelawareOnline, the hack occurred due to an unpatched version of Struts 2 "that was used by the university on a server that hosted business functions." Struts 2 is an Apache framework for creating "enterprise-ready Java Web applications." A number of recent releases have addressed security vulnerabilities. Developers using Struts 2 were "strongly advised" in a June community note to update existing Struts 2 applications to Struts 2.3.14.3 "immediately."

The reporting said the same server was used to host part of a Web site "that allows students to pay bills." The university hasn't said that any additional student information was stolen during the security event.

The university reported that it "took immediate corrective actions" and is working with the Federal Bureau of Investigation as well as security firm Mandiant to investigate the causes and scope of the attack.

The institution has sent notification letters to "more than 72,000 affected persons." It has also offered them free credit monitoring. About a third of those recipients also have active campus email accounts and have been sent email notifications as well.

School administrators have hired Kroll Advisory Solutions, which provides risk mitigation and response services, to work with those affected by the breach.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
