U Delaware Hack Hits 72,000 Staffers

  • By Dian Schaffhauser
  • 08/05/13

The University of Delaware is attempting to make contact with 72,000 people whose information was vacuumed up during a recent server hacking. The university said that the cyber break-in took place on or around July 17, 2013 and was discovered by IT on July 22 during "routine systems maintenance." Campus representatives announced that the files taken included confidential personal information for current and past employees, including student employees.

U Delaware said the attack occurred when a hacker "took advantage of a vulnerability in software acquired from a vendor."

According to a local news report on DelawareOnline, the hacking occurred due to an unpatched version of Struts2 "that was used by the university on a server that hosted business functions." Struts2 is an Apache framework for creating "enterprise-ready Java Web applications." A number of recent releases have addressed security vulnerabilities. Developers using Struts 2 were "strongly advised" in a June community note to update existing Struts 2 applications to Struts 2.3.14.3 "immediately."

The reporting said the same server was used to host part of a Web site "that allows students to pay bills." The university hasn't said that any additional student information was stolen during the security event.

The university reported that it "took immediate corrective actions" and is working with the Federal Bureau of Investigation as well as security firm Mandiant to investigate the causes and scope of the attack.

The institution has sent notification letters to "more than 72,000 affected persons." It has also offered them free credit monitoring. About a third of those recipients also have active campus email accounts and have been sent email notifications as well.

School administrators have hired Kroll Advisory Solutions, which provides risk mitigation and response services to work with those affected by the breach.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • glowing digital brain above a chessboard with data charts and flowcharts

    Why AI Strategy Matters (and Why Not Having One Is Risky)

    If your institution hasn't started developing an AI strategy, you are likely putting yourself and your stakeholders at risk, particularly when it comes to ethical use, responsible pedagogical and data practices, and innovative exploration.

  • people collaborating around tables with a giant glowing lightbulb, surrounded by futuristic data visuals and technology icons

    California Community Colleges Google, Partner to Provide Students with AI Skills

    A new collaboration between the California Community Colleges system and Google will provide free access to AI tools and training for more than 2 million students and faculty across the state.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • interconnected blocks of data

    Rubrik Intros Immutable Backup for Okta Environments

    Rubrik has announced Okta Recovery, extending its identity resilience platform to Okta with immutable backups and in-place recovery, while separately detailing its integration with Okta Identity Threat Protection for automated remediation.