[ISN] UT Austin hack yields personal info on thousands

From: InfoSec News (isnat_private)
Date: Fri Mar 07 2003 - 00:34:33 PST

  • Next message: InfoSec News: "[ISN] Security swallows a twelfth of IT budgets"

    Forwarded from: Alot of ISN subscribers :)
    
    http://www.nwfusion.com/news/2003/0306utaustin.html
    
    [ https://www.utexas.edu/datatheft/  - WK]
    
    By Paul Roberts
    IDG News Service
    03/06/03
    
    An Internet-based attack on computer systems at the University of 
    Texas at Austin yielded personal information on more than 55,000 
    individuals, including current and former students, current and former 
    faculty, staff and job applicants, according to a statement posted on 
    the university's Web site. 
    
    The attack was first detected Sunday when computer systems personnel 
    at the university noticed that a computer was malfunctioning.
    
    Analysis of the problem revealed that it was the result of an attack 
    and that an administrative data reporting system used by the 
    university had been compromised in that attack, according to the 
    university. 
    
    The attacker or attackers apparently used a "blunt force" approach to 
    cracking the system, writing a program that input millions of Social 
    Security numbers to the system. Social Security numbers that matched 
    records in the UT database were captured. 
    
    In addition to the victims' Social Security numbers, the attackers 
    gained access to e-mail addresses, titles, phone numbers and 
    university department addresses. Academic and health records were not 
    exposed, the university said. 
    
    Approximately 55,200 individuals had some of their data exposed in the 
    attack, the university said.
    
    The university is working with the U.S. Attorney's Office as well as 
    the U.S. Secret Service to locate those responsible for the break-in 
    and is working to contact all of those affected by the attack, it 
    said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Mar 07 2003 - 03:00:59 PST