U Delaware Hack Hits 72,000 Staffers

  • By Dian Schaffhauser
  • 08/05/13

The University of Delaware is attempting to make contact with 72,000 people whose information was vacuumed up during a recent server hacking. The university said that the cyber break-in took place on or around July 17, 2013 and was discovered by IT on July 22 during "routine systems maintenance." Campus representatives announced that the files taken included confidential personal information for current and past employees, including student employees.

U Delaware said the attack occurred when a hacker "took advantage of a vulnerability in software acquired from a vendor."

According to a local news report on DelawareOnline, the hacking occurred due to an unpatched version of Struts2 "that was used by the university on a server that hosted business functions." Struts2 is an Apache framework for creating "enterprise-ready Java Web applications." A number of recent releases have addressed security vulnerabilities. Developers using Struts 2 were "strongly advised" in a June community note to update existing Struts 2 applications to Struts 2.3.14.3 "immediately."

The reporting said the same server was used to host part of a Web site "that allows students to pay bills." The university hasn't said that any additional student information was stolen during the security event.

The university reported that it "took immediate corrective actions" and is working with the Federal Bureau of Investigation as well as security firm Mandiant to investigate the causes and scope of the attack.

The institution has sent notification letters to "more than 72,000 affected persons." It has also offered them free credit monitoring. About a third of those recipients also have active campus email accounts and have been sent email notifications as well.

School administrators have hired Kroll Advisory Solutions, which provides risk mitigation and response services to work with those affected by the breach.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.

  • multiple computer monitors connected by glowing blue lines in a network grid

    Gartner Forecasts Increased Spending on Desktop as a Service as Cost Optimization, Sustainability Drive Adoption

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • stylized figures, resumes, a graduation cap, and a laptop interconnected with geometric shapes

    OpenAI to Launch AI-Powered Jobs Platform

    OpenAI announced it will launch an AI-powered hiring platform by mid-2026, directly competing with LinkedIn and Indeed in the professional networking and recruitment space. The company announced the initiative alongside an expanded certification program designed to verify AI skills for job seekers.

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.