University of Colorado Breach For The Third Time In Six Weeks
Quick Facts
- Date: 8/3/2005
- Institution: University of Colorado, Boulder
- Type of Incident: Penetration
- Number Affected: 36,000
- Source: INFOSEC Year In Review
- Abstract Source: The Denver Post via EDUPAGE
Abstract
Hackers broke into a server at the University of Colorado (CU), marking the third security breach in the past six weeks. The latest attack targeted servers that held information for the school's ID card, known as the Buff OneCard. Those servers included names, Social Security numbers, and photographs but not financial information. Potentially exposed in the attack is personal information for 29,000 students, some former students, and 7,000 staff members. Students who will be entering the university in the fall were not affected. Dan Jones, IT security coordinator, said it was not clear whether this attack was perpetrated by the same people who compromised two other servers recently. In April, CU had decided to move away from using Social Security numbers as identifiers for students, based on security problems at other institutions and the risk of identity theft. Some systems on campus, however, still use Social Security numbers to track students, according to Jones. Officials at the university said they will hire an independent auditing firm to assess the institution's security measures and will also evaluate some 26,000 computers to determine which could be placed behind a firewall. The Denver Post, 3 August 2005
[Abstract by Edupage editors taken directly from Edupage, August 03, 2005]
