[UPDATE]Three UC-Boulder Computers Breached, One Contained Student Information
Quick Facts
- Date: 4/25/2008
- Institution: University of Colorado, Boulder
- Type of Incident: Penetration
- Number Affected: None
- Source: Pogo Was Right
- Abstract Source: University of Colorado, Boulder News Center
- Update Source: University of Colorado, Boulder News Center
Abstract
The University of Colorado at Boulder has hired a security firm to help investigate the breach of three computers in the university's Division of Continuing Education and Professional Studies. So far, one of the computers was found to contain information on 9,000 students and 500 staff members. While the investigation is still on going the university believes that this computer contained data on individuals enrolled in Division of Continuing Education and Professional Studies courses between 1997 and 2003. UC-Boulder first became aware of the incident on April 24 when a malicious file was discovered on the computer. While there is no evidence that anyone gained access to personal information, the university plans on sending out notification letters to affected individuals by the end of next week. UC-Boulder has setup a web site - www.colorado.edu/itsecurity/contedu - with more information on the incident.
Update
The University of Colorado at Boulder announced today that the forensic analysis of the three computers that were suspected to have been compromised revealed that no personal information was affected during the incident. According to Dan Jones, Director of IT Security at CU-Boulder, university staff worked closely with Applied Trust Engineering and discovered that an interaction between two incompatible software programs that mimicked behavior consistent with malicious software.
