[ISN] Many warned about Sacred Heart University computer security breach

From: InfoSec News (isn@private)
Date: Thu May 25 2006 - 00:41:43 PDT


By News Channel 8's Annie Rourke 
May 24, 2006

A possible security breach at Sacred Heart University but is personal
information at risk?

That's what some people are asking tonight after receiving a letter
from Sacred Heart University stating some of their information may be
at risk.

The problem is some of the people warned aren't even students at the

The letter turned up in some mailboxes Wednesday advising recipients
that the security system of one of the university's computers may have
been breeched and that things like their social security numbers may
have been stolen.

However, this letter has raised many more questions than is has

The envelope is stamped confidential and the letter is addressed to
alumni and friends.

But Steve Law's 18-year-old son is neither.

"He is a freshman in college, he did not apply to Sacred Heart. He
wasn't even interested in it," says Law, victim's father.

And yet his name, address and social security number were on a
computer at the university that has apparently been hacked into.

The letter from Michael D. Trimble, Assistant VP for Technology,
states in part,"We cannot confirm that any of the sensitive files on
this computer were actually accessed but we believe that the intruder
had the expertise to do so."

The calls to answer their many questions and concerns have so far gone

"My wife tried to call them today, and they took a message and the are
supposed to be calling back," says Law.

News Channel 8 spoke with a representative at the school but they were
unable to tell us how many people were affected or why the university
would even have the information of someone not affiliated with them in
any way.

Law's son is not the exception. News Channel 8 spoke with another
victim with no ties to Sacred Heart who tells us that the university
told him that they got his information from the College Board when he
took the SATs 8 years ago.

Sacred Heart is now directing these folks back to the internet,
advising them to go to the university website for answers and to
contact the three credit bureaus.

That too is not going down so well.

"I do not understand why expect us to notify all these security
companies. Why would they put the burden of that on us?" asks Law.

Sacred Heart has now set up a hotline number of 866-505-7979.

They say at this point they do not have any evidence that any fraud
has been committed and at this stage it is just a precautionary
Content  Copyright 2000 - 2006 WorldNow, WTNH, and Associated Press.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu May 25 2006 - 00:58:46 PDT