Unpatched CU-Boulder Server Containing Student Information Breached
Quick Facts
- Date: 5/22/2007
- Institution: University of Colorado, Boulder
- Type of Incident: Penetration
- Number Affected: 44,998
- Source: Attrition.org
- Abstract Source: Rocky Mountain News
- Update Source: Campus Technology
Abstract
The University of Colorado, Boulder is alerting current and past students about possible identity theft after a recent security incident. An unknown individual was able to use a "worm" to penetrate security on a computer server in the College of Arts and Sciences Academic Advising Center at CU-Boulder. This server contained the names and Social Security numbers of almost 45,000 students dating back to 2002. An investigation into the breach discovered that the "worm" took advantage of a vulnerability in the Symantec anti-virus software on the server that CU-Boulder staff had failed to patch. Students were notified of this breach by letter. CU-Boulder dean of Arts and Sciences, Todd Glesson, is asking that all Arts and Sciences Advising Center IT operations be placed back under the central control of CU's Information Technology Services department.
Update
6/8/2007 - After completing the investigation into this incident, CU-Boulder officials have determined that the decentralized IT infrastructure on campus led to the breach. It seems that the center in charge of the server had turned the local firewall off and failed to apply security patches to the machine in question. In addition, the investigation uncovered that the attacker was most likely attempting to gain control of the computer server, and was not after the information contained on the computer. However, CU-Boulder is erring on the side of caution after this incident. Currently, CU-Boulder is working to stop the practice of distributing servers to departments and plans to bring all systems back under the centralized control of the university's IT Department.


