[Dataloss] Illinois university hit with security breach

Wed Jul 5 22:34:40 EDT 2006

Illinois university hit with security breach

By Dawn Kawamoto
http://news.com.com/Illinois+university+hit+with+security+breach/2100-7349_3
-6090860.html

Story last modified Wed Jul 05 16:14:35 PDT 2006

Western Illinois University is notifying more than 180,000 people that their
personal data is at risk after hackers entered its networks.

The university said it mailed the last of its notifications on Monday to
people whose Social Security number, credit card account number and other
sensitive information were on the student service servers in the security
breach.

"The breach occurred on June 5 through our electronic student services
system servers. They do frequent checks on their system and discovered the
breach within hours after it occurred," said Darcie Shinberger, a
spokeswoman for Western Illinois University.

The incident affects alumni and students who attended the institution
between 1983 to the present, as well as 1,000 individuals who were there
from 1978 to 1982. Anybody who purchased items online from the university's
bookstore or who stayed at the university union hotel also may have had
their data exposed, Shinberger said, but could not specify a date range.

The hacked servers house Western's electronic student services system, which
is used to run the university's admissions Web site, financial aid,
bookstore and hotel.

Western Illinois University distributed e-mail notices to those affected on
June 15 and began following that up with mailings last week. It has not
received any reports from its public safety office of individuals having
their personal information compromised as a result of the incident,
Shinberger said.

For the school to say it has no evidence that private information has been
used to commit identity theft is disingenuous, said Avivah Litan, an analyst
at research firm Gartner. Unless a school has taken an extensive review over
an extended period, there's no sure way of determining whether the hackers
have profited from the information, Litan said.

In addition, victims of identity theft will often turn to other sources to
report the problem, such as their credit card companies or local police,
before notifying the place where the breach occurred.

Following the incident, Western Illinois University, which serves 13,400
students and has an alumni base of 95,000, began installing new security
measures. It is reviewing its policies for storing information and handling
online credit card information.

The security breach is not the first for the university. A few years ago, a
student broke into Western's computer system and began rifling through his
or her own virtual records.

"We have never had anything of this magnitude. This is a first for us,"
Shinberger said. "There are always risks when doing business online."

Perhaps one of the strongest indicators of the level of security at U.S.
universities is that even after a string of major breaches at such places as
Ohio University, Notre Dame University and the University of Texas, hackers
continue to find their way into college computer systems.

The pervasiveness of security breaches there stem, in part, from the way
educational institutions are set up. Universities and colleges desire an
exchange of ideas and information and, as a result, maintain relatively open
networks. Security experts have noted that this situation may well be to
blame for security breaches at institutions.

CNET News.com's Greg Sandoval contributed to this report.