http://www.denverpost.com/news/ci_2906977 By Felisa Cardona Denver Post Staff Writer 08/02/2005 A computer security breach at the University of Colorado at Boulder has left all 29,000 students, some former students and as many as 7,000 staff members vulnerable to identify theft, the school warned Monday evening. Hackers gained access to information on the CU-Boulder identification Buff OneCard used by students. The card contains Social Security numbers, names and photographs. The incident marks the third computer security breach at CU-Boulder since July 21. Although the potential for identity theft exists, there is no evidence that the personal information was stolen or used, and no financial information was affected, campus officials said. The Buff OneCard is used for identification purposes and to gain access to campus buildings, residence halls and laboratories. The breach was reported to the information technology department on Wednesday. The servers were isolated and taken off line. The unauthorized access was detected because IT officials were on high alert after attacks July 21 on computers at the Wardenburg Health Center and the Visual Resource Center of the College of Architecture and Planning, said Dan Jones, IT security coordinator for CU-Boulder. Those incidents affected 42,000 people. A forensic investigation is underway. "It's too early to say that it's the same people," Jones said of the three incidents. "As you can imagine, people were looking at the systems over the last breach and noticed the system had been behaving strangely." Although a major concern is identity theft, it's common for hackers to break into a system such as CU's in order to send spam e-mail without being detected or to use the computer network infrastructure to share pirated movies and software. Matt Martin, a graduate student at CU, says he's not too worried about the incident. "I've had my Social Security number turned in at the top of term papers and never worried about it," Martin said. "If somebody wants my number, they do not have to hack into a system to get it." Several higher-education campuses across the country, including the University of California at Berkeley, Boston University and Georgia Tech, have become targets for computer hackers in recent years. In response to that, CU decided in April to convert all students' identification numbers from Social Security numbers to a new unique student number that cannot be used to obtain or extend credit. However, there are some campus computer systems that still must maintain Social Security numbers, Jones said. Beginning Wednesday, the university will issue Buff OneCard replacements at no cost in Willard Hall, room 182. A hotline was established to respond to individual inquiries about the breach: 303-492-0600. About 6,000 students who live in residence halls will get new access cards. Incoming students who are not scheduled to get their Buff OneCards until the beginning of the fall semester will be given new cards and were not affected by the breach, university officials said. More information on the incident is posted at www.colorado.edu/its/security/buffonecard. Staff writer Christopher Ortiz contributed to this report. _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Wed Aug 03 2005 - 20:57:20 PDT