University of North Texas officials are recommending that almost 39,000 students and alumni should protect themselves from identity theft after discovering that hackers accessed a UNT computer server last week.
UNT has no indication that hackers stole any personal information, but has sent letters to the former, current and prospective students whose information may have been accessed, said Deborah Leliaert, vice president for university relations, communications and marketing.
A server containing UNT housing records dating back to 1999 was accessed by hackers, university officials said. Also, Web-based financial aid inquiries from 2001 to 2005, were unprotected and could be found by entering specific key words and numbers into an Internet search engine, according to a university news release. More than 500 credit card numbers may have also been accessible, the release said. In all, 38,607 records were unprotected, UNT officials said.
"We're interested in having people aware that we've had these security breaks so that we can protect our university family," Leliaert said. "We don't have any evidence that anybody's personal identities have been compromised, but we believe it is appropriate for them to take precautions."
Leliaert said the university discovered the potential breach last week using its Internet monitoring software.
The university immediately blocked access to the server and the electronic file containing the information from the financial aid inquiries.
"The hacker could have drilled down to the personal information, or they could have used the server for some other purpose," she said. "Nevertheless, we’re acting as though [hackers got through] and informing people that their personal info was at risk."
UNT has created a Web site, www.securityid.unt.edu, and a toll-free telephone number, 1-866-868-5323, which can be used by those who think their information may have been exposed.
UNT is encouraging those whose information may have been accessed to order a free credit report and check it for irregularities, and to consider placing a free fraud alert on credit files through one of the three major credit bureaus.
A spokeswoman for the Identity Theft Resource Center, a nonprofit organization based in San Diego, said UNT is doing the right thing in notifying its affiliates.
"It sounds like the university is taking the steps to be proactive in assisting the students," said Sheila Gordon, director of victims services at the center. "But they [those affected] are going to need to monitor their credit reports for at least the next year."
Gordon said that credit card companies are not mandated to verify applications, even when a credit report includes a fraud alert.
"Let's not use that for a false sense of security," she said. "They need to keep re-establishing their fraud alert every 30 days."
Texas residents can now request annually a free credit report from each of the three major credit bureaus.
The Identity Theft Resource Center recommends that people stagger their requests so they get a report from one of the credit bureaus every four months, Gordon said.
Those whose personal information might have been accessed should closely monitor their credit reports closely for a year, she said.
But vigilance against identity theft shouldn't be limited to people whose information has been stolen.
"I am an advocate for everybody checking their credit reports," Gordon said.
FBI spokeswoman Lori Bailey said that UNT has not yet contacted the bureau about last week's incident. The FBI in Dallas houses a cyber crimes unit, she said, that could investigate the incident. Federal cyber crimes carry penalties of fines and prison time, Bailey said.
The UNT police have been informed of the security breach and would likely pass the information to the FBI, Leliaert said.
"We turned our attention toward informing individuals who could be at risk," Leliaert said. "Then they [UNT’s computer officials] will turn their attention toward the law enforcement investigation, and I imagine our police department will contact the FBI."
UNT's network includes some 13,000 computers and 600 servers, and the university maintains about 1.5 million Web-based files, Leliaert said.
"It's not uncommon in a 24-hour period for a server in our system to be unsuccessfully probed 1.2 million times," she said. "Many of the hackers have automated their attempt to breach security systems in all kinds of institutions and businesses. And what they look for are vulnerabilities."
Because computer hacking has become so common, Monday's announcement didn't bother some students.
David Nix, a 25-year-old graduate of UNT who starts graduate school there in the fall, said identity theft has had "a lot of hype" in the media, and is often overblown. But he is a bit concerned, he said, because he fits the parameters of those whose information may have been accessed.
Gene Luster, a UNT graduate student, said his identity has been stolen in the past and that Internet security has been poorly implemented at both the government level and in the private sector.
"It doesn't scare me," said Luster, 37. "Everybody is having to deal with that now. It's just commonplace."