UC-Boulder Web Site Exploit Exposes 17,500 Student Records
Quick Facts
- Date: 12/15/2006
- Institution: University of Colorado, Boulder
- Type of Incident: Penetration
- Number Affected: 17,500
- Source: Attrition.org
- Abstract: University of Colorado
Abstract
The University of Colorado at Boulder has begun to notify 17,500 students that an attacker was able to gain unauthorized access to a computer in the UC Boulder College of Arts and Sciences. This computer was used for advisement purposes and contained personal student information including names and Social Security numbers. According the university officials, the attacker was able to gain access through a web site hosted on the computer. UC Boulder is still investigating this incident and is not aware of exactly what information was exposed during this attack at this point. UC Boulder stopped using SSNs for student identification back in 2005 and is currently deploying a complex program to search for any electronic records that still contain these numbers. The university has created a web page (http://www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf) to help answer any questions students might have about the incident or how to protect themselves from Identity Theft.
