Wednesday, January 17, 2007
Update: Two universities disclose data breaches
Update: Two universities disclose data breaches
Jaikumar Vijayan
January 12, 2007 (Computerworld) The University of Idaho in Moscow yesterday began sending letters to more than 331,000 people warning them about the potential compromise of their personal data following the theft of three desktop computers in November.
Meanwhile, in a separate incident, officials at the University of Arizona in Tucson are investigating a computer break-in that disrupted several school services this week and continued to keep an online procurement system offline even today.
The computers stolen from the University of Idaho were being used by its advancement services office and contained names, addresses and Social Security numbers of university alumni, donors, employees and students. The computers were stolen over the Thanksgiving break by thieves who appear to have been after the hardware, not the data on them, said Christopher Murray, vice president of advancement services at the university.
The reason it has taken the university so long to inform affected individuals is because the prosecutor's office had asked the school to delay a public notification while it launched a criminal investigation of the incident, he said.
The stolen computers were password protected, but none of the data on them was encrypted, he said. Following the incident, the university has begun removing sensitive information "from specific computing devices" and has begun installing encryption software on desktop and laptop systems that access sensitive information, according to a statement posted on its Web site.
Meanwhile, IT officials at the University of Arizona are investigating a computer break-in that disrupted a procurement system, university library services, as well as a payroll processing and meal plan system. The unauthorized access, in which multiple servers and workstations appear to have been illegally accessed in November and December, was discovered on Jan. 2, according to a statement from the school.
"Hackers installed software to store files [such as movies or games] on the systems, and may have attempted to access other information," the university said. "At this point, no evidence exists that data actually were accessed in any way and no evidence exists of theft, including data theft, money theft or other."
The FBI is currently investigating the incident.
Michele Norin, director of the university's center for computing and IT said that upwards of 30 Windows-based servers - including domain name servers and 350 workstations -- were illegally accessed by what appears to have been a hacker or hackers based in France.
In addition to installing movies and games on the systems, the hackers apparently also installed key-stroke logging software on some of the systems, Norin said.
The break-in was discovered when a routine process being handled by one of the compromised servers failed to execute properly, Norin said. The incident prompted an investigation by the IT department, which, in turn, led to the discovery of the compromises, according to Norin. At the moment, it is still not clear how the hackers got into the systems, although it is possible that they may have cracked passwords, she said.
Restoring the systems has proved to be a challenge, in terms of complexity and resources, Norin said. For instance, both the production and the back-up servers handling the university's procurement systems were affected by the breach "so it required alternative sources of software" to restore, Norin said. It also took a lot of time to rebuild all of the domain profiles on the affected domain server, she said.
The sheer number of systems affected by the breach has also put an enormous strain on IT resources, she said.
The compromised computers contained "business-oriented type of data," but it doesn't appear that any of them held non-public information she added.
The university is instituting new measures such as firewalls, stronger passwords and traffic segregation to mitigate the risk of something similar happening again, Norin said.
Jaikumar Vijayan
January 12, 2007 (Computerworld) The University of Idaho in Moscow yesterday began sending letters to more than 331,000 people warning them about the potential compromise of their personal data following the theft of three desktop computers in November.
Meanwhile, in a separate incident, officials at the University of Arizona in Tucson are investigating a computer break-in that disrupted several school services this week and continued to keep an online procurement system offline even today.
The computers stolen from the University of Idaho were being used by its advancement services office and contained names, addresses and Social Security numbers of university alumni, donors, employees and students. The computers were stolen over the Thanksgiving break by thieves who appear to have been after the hardware, not the data on them, said Christopher Murray, vice president of advancement services at the university.
The reason it has taken the university so long to inform affected individuals is because the prosecutor's office had asked the school to delay a public notification while it launched a criminal investigation of the incident, he said.
The stolen computers were password protected, but none of the data on them was encrypted, he said. Following the incident, the university has begun removing sensitive information "from specific computing devices" and has begun installing encryption software on desktop and laptop systems that access sensitive information, according to a statement posted on its Web site.
Meanwhile, IT officials at the University of Arizona are investigating a computer break-in that disrupted a procurement system, university library services, as well as a payroll processing and meal plan system. The unauthorized access, in which multiple servers and workstations appear to have been illegally accessed in November and December, was discovered on Jan. 2, according to a statement from the school.
"Hackers installed software to store files [such as movies or games] on the systems, and may have attempted to access other information," the university said. "At this point, no evidence exists that data actually were accessed in any way and no evidence exists of theft, including data theft, money theft or other."
The FBI is currently investigating the incident.
Michele Norin, director of the university's center for computing and IT said that upwards of 30 Windows-based servers - including domain name servers and 350 workstations -- were illegally accessed by what appears to have been a hacker or hackers based in France.
In addition to installing movies and games on the systems, the hackers apparently also installed key-stroke logging software on some of the systems, Norin said.
The break-in was discovered when a routine process being handled by one of the compromised servers failed to execute properly, Norin said. The incident prompted an investigation by the IT department, which, in turn, led to the discovery of the compromises, according to Norin. At the moment, it is still not clear how the hackers got into the systems, although it is possible that they may have cracked passwords, she said.
Restoring the systems has proved to be a challenge, in terms of complexity and resources, Norin said. For instance, both the production and the back-up servers handling the university's procurement systems were affected by the breach "so it required alternative sources of software" to restore, Norin said. It also took a lot of time to rebuild all of the domain profiles on the affected domain server, she said.
The sheer number of systems affected by the breach has also put an enormous strain on IT resources, she said.
The compromised computers contained "business-oriented type of data," but it doesn't appear that any of them held non-public information she added.
The university is instituting new measures such as firewalls, stronger passwords and traffic segregation to mitigate the risk of something similar happening again, Norin said.
Labels: Univ. of Arizona and Univ. of Idaho
