Month of August, 2005
Seven Years of Student and Employee Information Exposed
Quick Facts
- Date: 8/9/2005
- Institution: Sonoma State University
- Type of Incident: Penetration
- Number Affected: 62,000
- Source: INFOSEC Year In Review
- Abstract Source: San Francisco Chronicle via EDUPAGE
Abstract
Sonoma State University, an hour north of San Francisco, has become the latest in a growing list of universities to suffer a hacker attack that put personal information of students and staff at risk. At Sonoma State, hackers in July gained access to several computer workstations, which allowed them to access a number of other computers before university staff detected and put an end to the intrusion. In all, the hackers had access to names and Social Security numbers of nearly 62,000 students, applicants, or employees of the university between 1995 and 2002. A spokesperson for the university said the hackers did not have access to financial information and noted that there is currently no evidence that any of the information has been misused. Nevertheless, the university is required by state law to contact individuals whose personal information has been compromised, and the university is working to do just that. The university has set up a Web site with information and is advising affected individuals to contact credit-reporting agencies to be on the lookout for possible identity fraud. San Francisco Chronicle, 9 August 2005
[Abstract by Edupage Editors taken directly from Edupage, August 10, 2005]
University of Colorado Breach For The Third Time In Six Weeks
Quick Facts
- Date: 8/3/2005
- Institution: University of Colorado, Boulder
- Type of Incident: Penetration
- Number Affected: 36,000
- Source: INFOSEC Year In Review
- Abstract Source: The Denver Post via EDUPAGE
Abstract
Hackers broke into a server at the University of Colorado (CU), marking the third security breach in the past six weeks. The latest attack targeted servers that held information for the school's ID card, known as the Buff OneCard. Those servers included names, Social Security numbers, and photographs but not financial information. Potentially exposed in the attack is personal information for 29,000 students, some former students, and 7,000 staff members. Students who will be entering the university in the fall were not affected. Dan Jones, IT security coordinator, said it was not clear whether this attack was perpetrated by the same people who compromised two other servers recently. In April, CU had decided to move away from using Social Security numbers as identifiers for students, based on security problems at other institutions and the risk of identity theft. Some systems on campus, however, still use Social Security numbers to track students, according to Jones. Officials at the university said they will hire an independent auditing firm to assess the institution's security measures and will also evaluate some 26,000 computers to determine which could be placed behind a firewall. The Denver Post, 3 August 2005
[Abstract by Edupage editors taken directly from Edupage, August 03, 2005]
