Computer Hacker Gains Access To CU Students' Personal Info

2007-05-22

KMGH Denver

http://www.thedenverchannel.com/news/13366476/detail.html



The names and Social Security numbers of thousands of students at the University of Colorado Boulder have been exposed by a computer hacker, the university announced Tuesday.

A school official in Boulder say a computer worm attacked a computer server used by the College of Arts and Sciences. The hacker was then able to have access to the vital information for 45,000 students who were enrolled at CU Boulder from 2002 to the present.

IT security investigators said they do not believe the hacker who launched the worm was looking for personal data, but rather was attempting to take control of the machine to allow it to infiltrate other computers both on-and-off campus.

CU said a series of human and technical problems led to the security breach. All students whose information was exposed are being notified by letters sent to their homes.

The hack was discovered May 12. IT security investigators said that the worm entered the server through a vulnerability in its Symantec anti-virus software, which had not been properly patched by Arts and Sciences Advising Center IT staff.

"The server's security settings were not properly configured and its sensitive data had not been fully protected," said Bobby Schnabel, CU-Boulder vice provost for technology. "Through a combination of human and technical errors, these personal data were exposed, although we have no evidence that they were extracted."

The school said that it has instituted a new series of security measures.

"We have also taken steps to ensure that all sensitive personal data have been removed from our Academic Advising Center servers," said Gleeson. "I want to assure our past and present students that we have taken strong measures to protect our advising center computers and our students' personal information."

Students needing more information about protecting themselves following a data exposure can visit a special Web site at http://www.colorado.edu/its/security/aac052007/.

Besides the measures Gleeson requested for the Arts and Sciences Advising Center, the campus will adopt new IT security measures, according to Chancellor G. P. "Bud" Peterson. These include:


main page ATTRITION feedback