[ISN] ISU reports computer security breaches

[InfoSec News]

http://desmoinesregister.com/apps/pbcs.dll/article?AID=/20051212/NEWS/51212001/1001/SiteMap

By REGISTER STAFF REPORT
December 12, 2005

Someone recently breached the security of two Iowa State University
computers that contain sensitive information, according to a news
release from the university.

One of the computers held approximately 2,500 encrypted credit card
numbers of athletics department donors. ISU information technology
staff who investigated the computer breaks-ins say the intruder could
not have read the credit card numbers because they were encrypted.

The second computer was used to enter time card information for
several university departments and contained Social Security Numbers
of more than 3,000 Iowa State staff. Technology staff members say it's
unlikely that the intruder accessed the files with that information.

"Analysis of both computers indicates the intruder was not looking for
personal data, but for space to distribute pirated movies," said Maury
Hope, associate chief information officer in Information Technology
Services.

Iowa State's information technology staff removed intrusive software
that had been installed on the computers and are tightening security
measures on other computers to prevent similar intrusions in the
future, Hope said.

All employees whose personal data was on the time card computer have
been notified, Hope said.

"Although we don't believe the intruder accessed personal data, we
don't know that for certain," he said. "We've provided those employees
with precautionary steps they can take, such as keeping an eye on
their credit reports."