[ISN] University warns of possible hacking

From: InfoSec News (isn@private)
Date: Sun Jan 22 2006 - 23:20:54 PST


http://www.kansan.com/stories/2006/jan/20/hack/

By Rachel Parker
January 20, 2006

Students who applied via the online application put out by the 
Department of Student Housing were alerted through either an e-mail or 
a letter that their private information might have been exposed.

According to a University Relations news release, a computer file with 
names, addresses, birth dates, phone numbers, social security numbers 
and credit card numbers was found accessible to the public on Dec. 16. 
The lack of security affected students who applied and paid an 
application fee online between April 29, 2001, and Dec. 16, 2005.

Becky Derdoski, Minnesota junior, applied online for residency in the 
2003-2004 school year.

"That information was given years ago; I didn't think I had to worry 
about it," she said.

Derdoski remembered a similar incident in which her personal 
information was at risk of exposure. The Watkins Memorial Health 
Center pharmacy sent out an e-mail to warn her about it her freshman 
year.

The housing department shut down its housing application Web site 
after the routine computer check showed that security measures were 
not working correctly.

Todd Cohen, University Relations Associate Director for news and 
public issues, said an incident like this had never happened before at 
the University.

"It is something that happens a lot at universities, unfortunately. We 
want to make sure we take care of every precaution, and make everyone 
fully aware," Cohen said.

While no evidence pertaining to unlawful use of student information 
has been discovered, the threat to students is still prevalent. The 
notification sent out to possibly affected students advised them to 
place fraud alert through www.ku.edu/identity or to call the housing 
department with any questions.

Out of about 9,200 online applicants in the past few years, only 
students that gave contact information were notified. Not all affected 
students still attend the University.

Since Jan. 18, 154 phone calls and 52 e-mails have been placed in 
response to the incident, according to the Department of Student 
Housing records.

The Web site has been shut down and applications are now being taken 
manually until a new, secure site is up and working.

- Edited by Jodi Ann Holopirek



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Sun Jan 22 2006 - 23:51:45 PST