Home » Institutions

University of Colorado

[UPDATE]Three UC-Boulder Computers Breached, One Contained Student Information

By Adam Dodge - Posted on April 25th, 2008

Quick Facts

Abstract
The University of Colorado at Boulder has hired a security firm to help investigate the breach of three computers in the university's Division of Continuing Education and Professional Studies. So far, one of the computers was found to contain information on 9,000 students and 500 staff members. While the investigation is still on going the university believes that this computer contained data on individuals enrolled in Division of Continuing Education and Professional Studies courses between 1997 and 2003. UC-Boulder first became aware of the incident on April 24 when a malicious file was discovered on the computer. While there is no evidence that anyone gained access to personal information, the university plans on sending out notification letters to affected individuals by the end of next week. UC-Boulder has setup a web site - www.colorado.edu/itsecurity/contedu - with more information on the incident.

Update
The University of Colorado at Boulder announced today that the forensic analysis of the three computers that were suspected to have been compromised revealed that no personal information was affected during the incident. According to Dan Jones, Director of IT Security at CU-Boulder, university staff worked closely with Applied Trust Engineering and discovered that an interaction between two incompatible software programs that mimicked behavior consistent with malicious software.

Tagged:  •    •    •    •    •  



Unpatched CU-Boulder Server Contained Student Information Breached

By Adam Dodge - Posted on May 23rd, 2007

Quick Facts

Abstract
University of Colorado, Boulder is alerting current and past students about possible Identity Theft after a recent security incident. An unknown individual was able to use a "worm" to penetrate security on a computer server in the College of Arts and Sciences Academic Advising Center at CU-Boulder. This server contained the names and Social Security number of almost 45,000 students dating back to 2002. An investigation into the breach discovered that the "worm" took advantage of a vulnerability in the Symantec anti-virus software on the server that CU-Boulder staff had failed to patch. Students were notified of this breach by letter. CU-Boulder dean of Arts and Sciences, Todd Glesson, is asking that all Arts and Sciences Advising Center IT operations be placed back under the central control of CU's Information Technology Services department.

Update
6/8/2007 - After completing the investigation into this incident, CU-Bolder officials have determined that the decentralized IT infrastructure on campus lead to the breach. It seems that the center in charge of the server had turned the local firewall off and failed to apply security patches to the machine in question. In addition, the investigation uncovered that the attacker was most likely attempting to gain control of the computer server, and was not after the information contained on the computer. However, CU-Boulder is erring on the side of caution after this incident. Current, CU-Boulder is working to stop the practice of distributing servers to departments and plans to bring all systems back under the centralized control of the university's IT Department.

Tagged:  •    •    •    •    •    •  



UC-Boulder Web Site Exploit Exposes 17,500 Student Records

By Adam Dodge - Posted on December 15th, 2006

Quick Facts

Abstract
The University of Colorado at Boulder has begun to notify 17,500 students that an attacker was able to gain unauthorized access to a computer in the UC Boulder College of Arts and Sciences. This computer was used for advisement purposes and contained personal student information including names and Social Security numbers. According the university officials, the attacker was able to gain access through a web site hosted on the computer. UC Boulder is still investigating this incident and is not aware of exactly what information was exposed during this attack at this point. UC Boulder stopped using SSNs for student identification back in 2005 and is currently deploying a complex program to search for any electronic records that still contain these numbers. The university has created a web page (http://www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf) to help answer any questions students might have about the incident or how to protect themselves from Identity Theft.

Tagged:  •    •    •    •    •    •  



Thief Makes Off With Years Of Research Data

By Adam Dodge - Posted on November 23rd, 2006

Quick Facts

Abstract
A thief made off with a University of Colorado computer containing several years worth of graduate research. The computer in question belonged to the university's Engineering Center. According to Engineering faculty, the research is of little use to most people. The University of Colorado and the Boulder County Crime Stoppers are offering a $1,000 reward to any information leading to an arrest and criminal charges.

Tagged:  •    •    •    •  



Computers Missing From Storage Contained Student Information

By Adam Dodge - Posted on September 22nd, 2006

Quick Facts

Abstract
Two computers containing student information were discovered to be missing from the University of Colorado at Boulder's Leeds School of Business. These computers were placed in storage last May. The loss was discovered when the Leeds staff removed these computers at the end of August in preparation for the new school year. Social Security numbers, names, and grades were amount the information contained on these laptops. Although the CU-Boulder officials do not believe any personal information has been accessed, the University has notified the 1,372 affected students and setup both a web site and hotline for student that might have questions or concerns over this loss.

Tagged:  •    •    •    •    •    •  



12next ›last »