Click here to receive your FREE subscription to Campus Technology
News
Antioch Breach Strikes Unpatched Solaris System
4/10/2008
A breach of an ERP system at Antioch University forced the school to send letters out to more than 60,000 students, former students and staff members informing them that they could become victim to identity theft. The problems surfaced on February 13, 2008, when an anti-virus program detected a virus on one of Antioch's computers. Forensic software investigators hired by the university to examine its systems found that an unauthorized intruder had gained access to one of the computers on three occasions during 2007 and that an IRC bot had been installed.According to a letter from CIO William Marshall sent to those at risk and posted on the school's website, the hacked system contained files with Social Security numbers, names, academic records for students and former students and payroll records for Antioch's employees and former employees going back to 1996 when the system was first implemented. It also contained names and Social Security numbers for student applicants.
Marshall wrote that the school is unaware of any incidents of identity theft taking place as a result of the hacker's activities and that based on what Antioch knows, it was "unlikely" that personal information had been or would be misused.
Computerworld reported that the break-ins involved a Sun Solaris server that hadn't been patched against a "previously disclosed FTP vulnerability, even though a fix was available for the flaw at the time of the breach."
The campus, which has six locations in four states, is working with federal and state law enforcement agencies to attempt to apprehend the responsible person and to determine if any personal information was stolen.
The school also set up a hotline to answer questions regarding the intrusion and has advised those affected to obtain and review credit reports from the three major credit bureaus, Equifax, Experian and Trans Union. All consumers are entitled to one free report a year from each of the bureaus.
When the breaches were discovered, Antioch took the server offline, backed up the data and reinstalled the operating system. The school said in an FAQ on its Web site that it was initiating a complete review of the security on the affected system to ensure there were no other vulnerabilities.
Dian Schaffhauser is a writer who covers technology and business. Send your higher education technology news to her at dian@dischaffhauser.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Gates Highlights R&D at CES08, Unveils Microsoft Touch Wall
Microsoft's Chairman Bill Gates spent a lot of time Wednesday talking about "empowering the workers" at the Microsoft's 12th annual CEO Summit 2008 in Redmond, WA, where he gave a keynote speech. However, Gates wasn't talking about political revolutions or even pay raises for office workers before the CEO crowd. Instead, he was referring to new software technologies that can better enable collaboration, social networking and decision-making on the job.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
- New Blackboard Sync Application Leverages Facebook
Blackboard Inc. today announced Blackboard Sync, an application that allows students to receive course updates and communicate with classmates while logged on to Facebook.
- Standards: The Sooner the Better
Technology solutions work best when they well together. That is why the nonprofit group IMS Global Learning Consortium is developing learning tools interoperability standards for the education technology community...
- U.K. Education Group Escalates Microsoft Complaints
A consultancy to the U.K. government has forwarded complaints about Microsoft's licensing and interoperability practices to the European Commission (EC), according to an announcement issued by the Becta consulting group Monday.
