Click here to receive your FREE subscription to Campus Technology
News
U Missouri Server Hack Exposes 22,396 SSNs
5/9/2007
The University of Missouri has reported that one of its databases was hacked and that the intruder responsible for the breach was able to obtain the names and social security numbers of staff members. This is the second data security breach at the University of Missouri this year.According to a bulletin posted on the university IT department's site, the "attack" began May 3 and was discovered the next day. Campus police were notified Monday, May 7.
"The attack began on May 3 and the intruder(s) retrieved sensitive information from the database via the Internet. Unfortunately, the attacker was able to retrieve the names and Social Security Numbers of certain University of Missouri staff," according to the bulletin. "The affected individuals were employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.
"The University takes this matter very seriously. The University of Missouri has been and will continue to work diligently to secure the confidential data it holds. All companies or organizations using the Internet to serve their customers face this challenge."
Individuals affected by the incident have been notified or are in the process of being notified, according to the university.
22,396 Affected
The university reported that the breach affected 22,396 individuals were were employed by the University of Missouri and any campus and who were also current or former students at the Columbia campus.
"The University of Missouri ... is working to alert the individuals whose information was improperly accessed, including instructions about how they may monitor their credit reports for suspicious activity. The University has been and will continue to work diligently to secure confidential data held in its computer systems. We are also working closely with law enforcement in our investigation of this event," read a prepared statement issued by the university.
'Unusual Activity'
The discovery of the attack was made, according to the university, when IT staff members noticed "unusual activity" on an application May 3 and then, the following day, found a series of errors "caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia. The vulnerable Web application is no longer available online."
The investigation that ensued included a reconstruction of the attack, and staff members analyzed the results over the weekend and compiled a list of the thousands who were affected by the breach.
The university said that the attacker made "thousands" of queries over several hours, exposing identity records one at a time.
Logs showed that the attacks came from IP addresses in China and Australia.
Second Breach This Year
This latest hack is the second data security breach at the University of Missouri. The first was back in January, when more than 1,200 university researchers had their Social Security numbers compromised and some 2,500 people had their passwords stolen from the university's grant application system.
Read More:
About the author: Dave Nagel is the executive editor for 1105 Media's educational technology online publications and electronic newsletters. He can be reached at dnagel@1105media.com.
Have any additional questions? Want to share your story? Want to pass along a news tip? Contact Dave Nagel, executive editor, at dnagel@1105media.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Utah Rolls Out Online Document Proofreading
The University of Utah has acquired a site license of CyProof's ErrNET for online document proofreading. ErrNET runs on CyProof's servers and is accessed through the user's Web browser. To check a document, users upload their files to the Web site, the cost is calculated, payment is requested, the document is processed, and the results are presented for download. The service works with PDF files.
- Payment Standard for Web Apps Goes Live
A new payment card industry (PCI) standard for Web application firewalls and source code went into effect July 1. PCI Industry Data Security standard 6.6 gives merchants a framework to ensure that the point-of-sale information uploaded into browser-based applications is sound from "top to bottom," the organization's literature said.
- U Texas San Antonio To Deploy Wireless Outdoor Emergency Notifications
The University of Texas at San Antonio has selected Cooper Notification's Wireless Audio Visual Emergency System (WAVES) Mass Notification System (MNS) for its outdoor campus emergency notification system. Through WAVES campus public safety departments can broadcast targeted voice alerts via "Giant Voice" to students, faculty, staff, and visitors.
- Moraine Valley CC Revamps Administrative Systems
Moraine Valley Community College in Illinois has selected Datatel Colleague and ActiveCampus Portal software to replace a legacy administration system. A committee consisting of campus-wide representatives chose Datatel after an 18-month evaluation of administrative software systems.
- Project Wonderland: Good Avatars Make Good Neighbors
Sun Microsystems's Project Darkstar and the Wonderland Toolkit for building 3D spaces show why virtual reality is better for education than video conferencing. And Project Wonderland has announced its first education space.
- Sun, Stanford Working To Archive History
In May in San Francisco, experts from leading universities, libraries, and research institutions around the world met as part of an ongoing effort to address a pressing issue: archiving the world's history, right up to today.
